Security and privacy risks in electronic communications: A user's assessment

Most research today in electronic communications focuses on developing new technologies and “best practices” to enhance security and privacy. However, these technologies and best-practice codes are all too often not used, and in this failure the users are often their own worst enemies. It is thus important to develop an enhanced understanding of why users indicate concern about security and privacy, but when given the opportunity act contrary to their stated intention. We collect data from 435 participants about 24 electronic activities with a survey and a mixed effects model. We find a significant inverse relationship between their assessed risk and benefit (recognizing that the particular technology matters where some technologies are inherently perceived as more risky than others). This significant inverse relationship represents a departure from decision theories that assume purely cognitive information processing, and the separation of the probabilities and the utilities. We shed light on the role of affect, which commonly competes with cognition, and works as an orienting mechanism in security and privacy behaviors, and discuss business and policy implications of our findings.