Risk communication, risk perception and information security

Abstract

This paper puts forward the view that an individual's perception of the risks associated with information systems determines the likelihood and extent to which she or he will engage in risk taking behaviour when using a computer. It is suggested that this behavior can be manipulated by 'framing' a communication concerning information system risk in a particular manner. In order to achieve major effectiveness in getting an information security message across to a computer user, this paper discusses and demonstrates how his or her individual cognitive style should be considered when framing the risk message. It then follows that if the risk taking bchaviour of computer users becomes less risky due to an increase in the level of perceived risk, then the level of information security increases.