{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T06:07:23Z","timestamp":1778825243959,"version":"3.51.4"},"reference-count":57,"publisher":"Elsevier BV","license":[{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/tdm\/userlicense\/1.0\/"},{"start":{"date-parts":[[2026,8,1]],"date-time":"2026-08-01T00:00:00Z","timestamp":1785542400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.elsevier.com\/legal\/tdmrep-license"},{"start":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T00:00:00Z","timestamp":1776211200000},"content-version":"vor","delay-in-days":0,"URL":"http:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100001794","name":"The University of Queensland","doi-asserted-by":"publisher","id":[{"id":"10.13039\/501100001794","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["elsevier.com","sciencedirect.com"],"crossmark-restriction":true},"short-container-title":["Computers &amp; Security"],"published-print":{"date-parts":[[2026,8]]},"DOI":"10.1016\/j.cose.2026.104927","type":"journal-article","created":{"date-parts":[[2026,4,15]],"date-time":"2026-04-15T19:50:42Z","timestamp":1776282642000},"page":"104927","update-policy":"https:\/\/doi.org\/10.1016\/elsevier_cm_policy","source":"Crossref","is-referenced-by-count":0,"special_numbering":"C","title":["Informed cybersecurity decisions: A synthesis of expert perspectives"],"prefix":"10.1016","volume":"167","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8369-3185","authenticated-orcid":false,"given":"Niamh","family":"Dawson","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1032-4941","authenticated-orcid":false,"given":"Emma","family":"Knight","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7191-8690","authenticated-orcid":false,"given":"Ivano","family":"Bongiovanni","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-6764-0606","authenticated-orcid":false,"given":"Richard","family":"O\u2019Quinn","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"78","reference":[{"key":"10.1016\/j.cose.2026.104927_bib0001","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.102122","article-title":"How can organizations develop situation awareness for incident response: a case study of management practice","volume":"101","author":"Ahmad","year":"2021","journal-title":"Comput. Secur."},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0002","article-title":"Roles and challenges of AI based cybersecurity: a case study","volume":"18","author":"Alalwan","year":"2022","journal-title":"Jordan J. Bus. Adm."},{"key":"10.1016\/j.cose.2026.104927_bib0003","article-title":"Factors impacting users\u2019 compliance with information security policies: an empirical study","volume":"12","author":"Alzahrani","year":"2021"},{"key":"10.1016\/j.cose.2026.104927_bib0004","article-title":"Cybersecurity capabilities and cyber-attacks as drivers of investment in cybersecurity systems: a UK survey for 2018 and 2019","volume":"124","author":"Arroyabe","year":"2023","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0005","series-title":"ACM International Conference Proceeding Series","first-page":"151","article-title":"Cyber Insurance from the stakeholder\u2019s perspective: a qualitative analysis of barriers and facilitators to adoption","author":"Branley-Bell","year":"2022"},{"issue":"2","key":"10.1016\/j.cose.2026.104927_bib0006","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1191\/1478088706qp063oa","article-title":"Using thematic analysis in psychology","volume":"3","author":"Braun","year":"2006","journal-title":"Qual. Res. Psychol."},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0007","doi-asserted-by":"crossref","first-page":"328","DOI":"10.1080\/14780887.2020.1769238","article-title":"One size fits all? What counts as quality practice in (reflexive) thematic analysis?","volume":"18","author":"Braun","year":"2021","journal-title":"Qual. Res. Psychol."},{"key":"10.1016\/j.cose.2026.104927_bib0008","series-title":"Thematic Analysis: A Practical Guide","author":"Braun","year":"2023"},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0009","doi-asserted-by":"crossref","first-page":"1391","DOI":"10.1007\/s11135-021-01182-y","article-title":"A worked example of Braun and Clarke\u2019s approach to reflexive thematic analysis","volume":"56","author":"Byrne","year":"2022","journal-title":"Qual. Quant."},{"issue":"8","key":"10.1016\/j.cose.2026.104927_bib0010","doi-asserted-by":"crossref","first-page":"652","DOI":"10.1177\/1744987120927206","article-title":"Purposive sampling: complex or simple? Research case examples","volume":"25","author":"Campbell","year":"2020","journal-title":"J. Res. Nurs."},{"key":"10.1016\/j.cose.2026.104927_bib0011","article-title":"Developing metrics to assess the effectiveness of cybersecurity awareness program","volume":"8","author":"Chaudhary","year":"2022"},{"issue":"12","key":"10.1016\/j.cose.2026.104927_bib0012","doi-asserted-by":"crossref","first-page":"1290","DOI":"10.1080\/0144929X.2019.1583769","article-title":"The impact of time pressure on cybersecurity behavior: a systematic literature review","volume":"38","author":"Chowdhury","year":"2019","journal-title":"Behav. Inf. Technol."},{"issue":"2","key":"10.1016\/j.cose.2026.104927_bib0013","doi-asserted-by":"crossref","first-page":"239","DOI":"10.1057\/s41288-018-0082-7","article-title":"Perceptions of corporate cyber risks and insurance decision-making","volume":"43","author":"De Smidt","year":"2018","journal-title":"Geneva Pap. Risk Insur.: Issues Pract."},{"key":"10.1016\/j.cose.2026.104927_bib0014","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1016\/j.cose.2016.09.006","article-title":"A model of the information security investment decision-making process","volume":"63","author":"Dor","year":"2016","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0015","series-title":"Proceedings of the Human Factors Society 32nd Annual Meeting","article-title":"Design and evaluation of situation awareness enhancement","author":"Endsley","year":"1988"},{"key":"10.1016\/j.cose.2026.104927_bib0016","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2024.103795","article-title":"Ethical principles shaping values-based cybersecurity decision-making","volume":"140","author":"Fenech","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0017","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2023.103268","article-title":"Cyber expert feedback: experiences, expectations, and opinions about cyber deception","volume":"130","author":"Ferguson-Walter","year":"2023","journal-title":"Comput. Secur."},{"issue":"102840","key":"10.1016\/j.cose.2026.104927_bib0018","article-title":"Governing cybersecurity from the boardroom: challenges, drivers, and ways ahead","volume":"121","author":"Gale","year":"2022","journal-title":"Comput. Secur."},{"issue":"4","key":"10.1016\/j.cose.2026.104927_bib0019","doi-asserted-by":"crossref","first-page":"438","DOI":"10.1145\/581271.581274","article-title":"The economics of information security investment","volume":"5","author":"Gordon","year":"2002","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0020","doi-asserted-by":"crossref","unstructured":"Groenendaal, J., & Helsloot, I. (2025). Resilient decision making in Cyber incident response (pp. 119\u2013135). https:\/\/doi.org\/10.1007\/978-3-031-90109-6_6.","DOI":"10.1007\/978-3-031-90109-6_6"},{"key":"10.1016\/j.cose.2026.104927_bib0021","series-title":"Cyber for Builders : the Essential Guide to Building a Cybersecurity Startup","author":"Haleliuk","year":"2024"},{"key":"10.1016\/j.cose.2026.104927_bib0022","series-title":"Proceedings - 2023 IEEE International Conference on Cryptography, Informatics, and Cybersecurity: Cryptography and Cybersecurity: Roles, Prospects, and Challenges, ICoCICs 2023","first-page":"82","article-title":"Evaluating the people, process, and technology priorities for NIST Cybersecurity Framework implementation in E-government","author":"Handri","year":"2023"},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0023","doi-asserted-by":"crossref","first-page":"1721","DOI":"10.1007\/s10207-023-00810-y","article-title":"Maritime decision-makers and cybersecurity: deck officers\u2019 perception of cyber risks towards IT and OT systems","volume":"23","author":"Haugli-Sandvik","year":"2024","journal-title":"Int. J. Inf. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0024","author":"Heidt"},{"key":"10.1016\/j.cose.2026.104927_bib0025","series-title":"Science of Cybersecurity. SciSec 2024. Lecture Notes in Computer Science","article-title":"Exploring the effects of cybersecurity awareness and decision-making under risk","volume":"15441","author":"H\u00f6rnemann","year":"2025"},{"key":"10.1016\/j.cose.2026.104927_bib0026","unstructured":"IBM. (2024). Cost of a data breach Report 2024."},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0027","doi-asserted-by":"crossref","first-page":"349","DOI":"10.1111\/1467-6486.00184","article-title":"Management ethics and corporate policy: a cross-cultural comparison","volume":"37","author":"Jackson","year":"2000","journal-title":"J. Manag. Stud."},{"issue":"1","key":"10.1016\/j.cose.2026.104927_bib0028","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1016\/j.jsis.2018.09.003","article-title":"Decision-making and biases in cybersecurity capability development: evidence from a simulation game experiment","volume":"28","author":"Jalali","year":"2019","journal-title":"J. Strateg. Inf. Syst."},{"issue":"4","key":"10.1016\/j.cose.2026.104927_bib0029","doi-asserted-by":"crossref","first-page":"361","DOI":"10.1080\/10919392.2020.1776033","article-title":"Institutional isomorphism in Organizational cybersecurity: a text analytics approach","volume":"30","author":"Jeyaraj","year":"2020","journal-title":"J. Organ. Comput. Electron. Commer."},{"key":"10.1016\/j.cose.2026.104927_bib0030","series-title":"Americas Conference on Information Systems (AMCIS)","article-title":"Employees\u2019 Post\u2013Breach information security policy non- compliance: an organizational legitimacy perspective","author":"Jiang","year":"2024"},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0031","doi-asserted-by":"crossref","first-page":"119","DOI":"10.1007\/s10207-025-01032-0","article-title":"Human factors in cybersecurity: an interdisciplinary review and framework proposal","volume":"24","author":"Khadka","year":"2025","journal-title":"Int. J. Inf. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0032","series-title":"BlackCat Ransomware Group Implodes After Apparent $22M Payment By Change Healthcare","author":"Krebs","year":"2024"},{"key":"10.1016\/j.cose.2026.104927_bib0033","unstructured":"Mahlatje, N. (2022). The function of cyber-security awareness and training in shaping cyber-risk perceptions and resultant cyber behaviors."},{"issue":"2","key":"10.1016\/j.cose.2026.104927_bib0034","first-page":"98","article-title":"Identifying behavioral constructs in relation to user cybersecurity behavior","volume":"9","author":"Mashiane","year":"2021","journal-title":"Eurasian J. Soc. Sci."},{"key":"10.1016\/j.cose.2026.104927_bib0035","series-title":"Doctoral dissertation","article-title":"Artificial intelligence cybersecurity threats - determining strategy and decision-making effects","author":"Mason","year":"2020"},{"issue":"1","key":"10.1016\/j.cose.2026.104927_bib0036","doi-asserted-by":"crossref","first-page":"11","DOI":"10.1016\/j.dss.2013.04.004","article-title":"Cyber-risk decision models: to insure IT or not?","volume":"56","author":"Mukhopadhyay","year":"2013","journal-title":"Decis. Support Syst."},{"key":"10.1016\/j.cose.2026.104927_bib0037","article-title":"Enhancing cybersecurity: a review and comparative analysis of convolutional neural network approaches for detecting URL-based phishing attacks","volume":"8","author":"Nanda","year":"2024","journal-title":"e-Prime-Adv. Electr. Eng. Electron. Energy"},{"key":"10.1016\/j.cose.2026.104927_bib0038","author":"Niedzela"},{"key":"10.1016\/j.cose.2026.104927_bib0039","series-title":"Proceedings - 2nd IEEE International Conference on Cybersecurity and Cloud Computing, CSCloud 2015 - IEEE International Symposium of Smart Cloud, IEEE SSC 2015","first-page":"247","article-title":"Small-scale cybersecurity","author":"Osborn","year":"2016"},{"key":"10.1016\/j.cose.2026.104927_bib0040","series-title":"One Year Later: Cybersecurity Lessons from Change Healthcare Breach","author":"Rosch","year":"2025"},{"key":"10.1016\/j.cose.2026.104927_bib0041","series-title":"Data Breach Cost Latitude $76 Million","author":"Sadler","year":"2023"},{"issue":"16","key":"10.1016\/j.cose.2026.104927_bib0042","doi-asserted-by":"crossref","first-page":"7273","DOI":"10.3390\/s23167273","article-title":"A systematic literature review on Cyber threat intelligence for organizational cybersecurity resilience","volume":"23","author":"Saeed","year":"2023","journal-title":"Sensors"},{"key":"10.1016\/j.cose.2026.104927_bib0043","first-page":"465","article-title":"Herd behavior and investment","author":"Scharfstein","year":"1990","journal-title":"Am. Econ. Rev."},{"issue":"3","key":"10.1016\/j.cose.2026.104927_bib0044","doi-asserted-by":"crossref","first-page":"1109","DOI":"10.1007\/s10796-023-10404-7","article-title":"Organizational learning from cybersecurity performance: effects on cybersecurity investment decisions","volume":"26","author":"Shaikh","year":"2024","journal-title":"Inf. Syst. Front."},{"key":"10.1016\/j.cose.2026.104927_bib0045","doi-asserted-by":"crossref","DOI":"10.1016\/j.cose.2020.101961","article-title":"Shall we follow? Impact of reputation concern on information security managers\u2019 investment decisions","volume":"97","author":"Shao","year":"2020","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0046","doi-asserted-by":"crossref","first-page":"2191","DOI":"10.1111\/risa.13599","article-title":"Risk perception: reflections on 40 years of research","volume":"40","author":"Siegrist","year":"2020","journal-title":"Risk Anal."},{"key":"10.1016\/j.cose.2026.104927_bib0047","doi-asserted-by":"crossref","DOI":"10.1016\/j.accinf.2023.100642","article-title":"A pathway model to five lines of accountability in cybersecurity governance","volume":"51","author":"Slapni\u010dar","year":"2023","journal-title":"Int. J. Account. Inf. Syst."},{"issue":"1","key":"10.1016\/j.cose.2026.104927_bib0048","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1080\/1750984X.2017.1317357","article-title":"Developing rigor in qualitative research: problems and opportunities within sport and exercise psychology","volume":"11","author":"Smith","year":"2018","journal-title":"Int. Rev. Sport Exerc. Psychol."},{"key":"10.1016\/j.cose.2026.104927_bib0049","series-title":"Financial Cryptography and Data Security. FC 2015. Lecture Notes in Computer Science","article-title":"Are you at risk? Profiling organizations and individuals subject to targeted attacks","author":"Thonnard","year":"2015"},{"key":"10.1016\/j.cose.2026.104927_bib0050","series-title":"PICMET 2016 - Portland International Conference on Management of Engineering and Technology: Technology Management For Social Innovation, Proceedings","first-page":"32","article-title":"Bridging the gap between business and technology in strategic decision-making for cybersecurity management","author":"V\u00e4lja","year":"2017"},{"key":"10.1016\/j.cose.2026.104927_bib0051","first-page":"139","article-title":"Unravelling the three lines model in cybersecurity: a systematic literature review","author":"Valkenburg","year":"2024","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0052","series-title":"Capita hack: 90 Organizations Report Data Breaches to Watchdog","author":"Vallance","year":"2023"},{"issue":"1","key":"10.1016\/j.cose.2026.104927_bib0053","doi-asserted-by":"crossref","first-page":"188","DOI":"10.1111\/ijau.12365","article-title":"Key drivers of cybersecurity audit effectiveness: a neo-institutional perspective","volume":"29","author":"Vuko","year":"2025","journal-title":"Int. J. Audit."},{"key":"10.1016\/j.cose.2026.104927_bib0054","series-title":"Proceedings - 2013 International Conference on Availability, Reliability and Security, ARES 2013","first-page":"569","article-title":"A bootstrapping approach for developing a cyber-security ontology using textbook index terms","author":"Wali","year":"2013"},{"key":"10.1016\/j.cose.2026.104927_bib0055","doi-asserted-by":"crossref","first-page":"807","DOI":"10.1016\/j.cose.2018.02.001","article-title":"Information security investments: an exploratory multiple case study on decision-making, evaluation and learning","volume":"77","author":"Weish\u00e4upl","year":"2018","journal-title":"Comput. Secur."},{"key":"10.1016\/j.cose.2026.104927_bib0056","series-title":"Introducing Qualitative Research in Psychology","author":"Willig","year":"2013"},{"key":"10.1016\/j.cose.2026.104927_bib0057","unstructured":"Zeijlemaker, S. (2022). Unravelling the dynamic complexity of cyber-security."}],"container-title":["Computers &amp; Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001033?httpAccept=text\/xml","content-type":"text\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/api.elsevier.com\/content\/article\/PII:S0167404826001033?httpAccept=text\/plain","content-type":"text\/plain","content-version":"vor","intended-application":"text-mining"}],"deposited":{"date-parts":[[2026,5,15]],"date-time":"2026-05-15T05:11:25Z","timestamp":1778821885000},"score":1,"resource":{"primary":{"URL":"https:\/\/linkinghub.elsevier.com\/retrieve\/pii\/S0167404826001033"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,8]]},"references-count":57,"alternative-id":["S0167404826001033"],"URL":"https:\/\/doi.org\/10.1016\/j.cose.2026.104927","relation":{},"ISSN":["0167-4048"],"issn-type":[{"value":"0167-4048","type":"print"}],"subject":[],"published":{"date-parts":[[2026,8]]},"assertion":[{"value":"Elsevier","name":"publisher","label":"This article is maintained by"},{"value":"Informed cybersecurity decisions: A synthesis of expert perspectives","name":"articletitle","label":"Article Title"},{"value":"Computers & Security","name":"journaltitle","label":"Journal Title"},{"value":"https:\/\/doi.org\/10.1016\/j.cose.2026.104927","name":"articlelink","label":"CrossRef DOI link to publisher maintained version"},{"value":"article","name":"content_type","label":"Content Type"},{"value":"\u00a9 2026 The Author(s). Published by Elsevier Ltd.","name":"copyright","label":"Copyright"}],"article-number":"104927"}}