{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,2]],"date-time":"2026-02-02T20:12:55Z","timestamp":1770063175327,"version":"3.49.0"},"reference-count":52,"publisher":"SAGE Publications","issue":"8","license":[{"start":{"date-parts":[[2019,7,10]],"date-time":"2019-07-10T00:00:00Z","timestamp":1562716800000},"content-version":"vor","delay-in-days":365,"URL":"http:\/\/www.sagepub.com\/licence-information-for-chorus"}],"funder":[{"DOI":"10.13039\/501100002990","name":"Deutsche Telekom Stiftung","doi-asserted-by":"publisher","award":["T-Labs@BGU"],"award-info":[{"award-number":["T-Labs@BGU"]}],"id":[{"id":"10.13039\/501100002990","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100006754","name":"Army Research Laboratory","doi-asserted-by":"publisher","award":["W911NF-16-2-0113"],"award-info":[{"award-number":["W911NF-16-2-0113"]}],"id":[{"id":"10.13039\/100006754","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Hum Factors"],"published-print":{"date-parts":[[2018,12]]},"abstract":"<jats:sec><jats:title>Objective:<\/jats:title><jats:p> We identify three risk-related behaviors in coping with cyber threats\u2014the exposure to risk a person chooses, use of security features, and responses to security indications. The combinations of behaviors that users choose determine how well they cope with threats and the severity of adverse events they experience. <\/jats:p><\/jats:sec><jats:sec><jats:title>Background:<\/jats:title><jats:p> End users\u2019 coping with risks is a major factor in cybersecurity. This behavior results from a combination of risk-related behaviors rather than from a single risk-taking tendency. <\/jats:p><\/jats:sec><jats:sec><jats:title>Method:<\/jats:title><jats:p> In two experiments, participants played a Tetris-like game, attempting to maximize their gains, while exogenous occasional attacks could diminish earnings. An alerting system provided indications about possible attacks, and participants could take protective actions to limit the losses from attacks. <\/jats:p><\/jats:sec><jats:sec><jats:title>Results:<\/jats:title><jats:p> Variables such as the costs of protective actions, reliability of the alerting system, and attack severity affected the three behaviors differently. Also, users dynamically adjusted each of the three risk-related behaviors after gaining experience with the system. <\/jats:p><\/jats:sec><jats:sec><jats:title>Conclusion:<\/jats:title><jats:p> The results demonstrate that users\u2019 risk taking is the complex combination of three behaviors rather than the expression of a general risk-taking tendency. The use of security features, exposure to risk, and responses to security indications reflect long-term strategy, short-term tactical decisions, and immediate maneuvering in coping with risks in dynamic environments. <\/jats:p><\/jats:sec><jats:sec><jats:title>Application:<\/jats:title><jats:p> The results have implications for the analysis of cybersecurity-related decisions and actions as well as for the evaluation and design of systems and targeted interventions in other domains. <\/jats:p><\/jats:sec>","DOI":"10.1177\/0018720818783953","type":"journal-article","created":{"date-parts":[[2018,7,10]],"date-time":"2018-07-10T18:02:25Z","timestamp":1531245745000},"page":"1163-1178","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":9,"title":["The Triad of Risk-Related Behaviors (TriRB): A Three-Dimensional Model of Cyber Risk Taking"],"prefix":"10.1177","volume":"60","author":[{"given":"Noam","family":"Ben-Asher","sequence":"first","affiliation":[{"name":"U.S. Army Research Laboratory, Adelphi, MD, USA"}]},{"given":"Joachim","family":"Meyer","sequence":"additional","affiliation":[{"name":"Tel Aviv University, Israel"}]}],"member":"179","published-online":{"date-parts":[[2018,7,10]]},"reference":[{"key":"bibr1-0018720818783953","unstructured":"Akhawe D., Felt A. P. (2013). Alice in Warningland: A large-scale field study of browser security warning effectiveness. Paper presented at the USENIX Security Symposium 2013, Washington, DC. Retrieved from https:\/\/www.usenix.org\/system\/files\/conference\/usenixsecurity13\/sec13-paper_akhawe.pdf"},{"key":"bibr2-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2006.11.004"},{"key":"bibr3-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2010.10.030"},{"key":"bibr4-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2015.01.039"},{"key":"bibr5-0018720818783953","volume-title":"Usable Security Experiment Reports (USER) Workshop in the Symposium on Usable Privacy and Security (SOUPS)","author":"Ben-Asher N.","year":"2010"},{"key":"bibr6-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1080\/00140139508925269"},{"key":"bibr7-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1037\/a0018758"},{"key":"bibr8-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.198"},{"key":"bibr9-0018720818783953","first-page":"87","volume-title":"Risk taking behavior","author":"Bromiley P.","year":"1992"},{"key":"bibr10-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1109\/VIZSEC.2016.7739578"},{"key":"bibr11-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1177\/0018720816665025"},{"key":"bibr12-0018720818783953","first-page":"1","volume-title":"Proceedings of the 1st Conference on Usability, Psychology and Security","author":"Cranor L.","year":"2008"},{"key":"bibr13-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1518\/001872007X215656"},{"key":"bibr14-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1145\/1357054.1357219"},{"key":"bibr15-0018720818783953","volume-title":"Signal detection theory and psychophysics","author":"Green D.","year":"1966"},{"key":"bibr16-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1145\/1719030.1719050"},{"key":"bibr17-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1080\/13669877.2016.1153504"},{"key":"bibr18-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1145\/1837110.1837126"},{"key":"bibr19-0018720818783953","doi-asserted-by":"publisher","DOI":"10.2307\/1914185"},{"key":"bibr20-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1109\/ARES.2010.77"},{"key":"bibr21-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2013.19"},{"key":"bibr22-0018720818783953","author":"Lange M.","year":"2017","journal-title":"arXiv preprint arXiv:1703.03306"},{"key":"bibr23-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.apergo.2006.04.020"},{"key":"bibr24-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1037\/1076-898X.8.2.75"},{"key":"bibr25-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1037\/0033-2909.127.2.267"},{"key":"bibr26-0018720818783953","volume-title":"Detection theory: A user\u2019s guide","author":"Macmillan N.","year":"2005"},{"key":"bibr27-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1518\/001872001775900931"},{"key":"bibr28-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1518\/hfes.46.2.196.37335"},{"key":"bibr29-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1518\/0018720024497754"},{"key":"bibr30-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1093\/oxfordhb\/9780199757183.013.0007"},{"key":"bibr31-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1177\/0018720817698616"},{"key":"bibr32-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1177\/0018720813512865"},{"key":"bibr33-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2014.09.014"},{"key":"bibr34-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.01.001"},{"key":"bibr35-0018720818783953","first-page":"201","volume-title":"Automation and human performance: Theory and applications","author":"Mosier K.","year":"1996"},{"key":"bibr36-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2008.11.010"},{"key":"bibr37-0018720818783953","unstructured":"Olmstead K., Smith A. (2017). What the public knows about cybersecurity. Retrieved from http:\/\/www.pewinternet.org\/2017\/03\/22\/what-the-public-knows-about-cybersecurity\/"},{"key":"bibr38-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1080\/001401300409125"},{"key":"bibr39-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1177\/0018720810376055"},{"key":"bibr40-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1515\/jhsem-2014-0035"},{"key":"bibr41-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1177\/0018720815585906"},{"key":"bibr42-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1023\/A:1011902718709"},{"key":"bibr43-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2007.35"},{"key":"bibr44-0018720818783953","unstructured":"Stobert E., Biddle R. (2014). The password life cycle: User behaviour in managing passwords. In Symposium on Usable Privacy and Security (SOUPS 2014). Retrieved from https:\/\/www.usenix.org\/system\/files\/conference\/soups2014\/soups14-paper-stobert.pdf"},{"key":"bibr45-0018720818783953","first-page":"399","volume-title":"Proceedings of the 18th Conference on USENIX Security Symposium","author":"Sunshine J.","year":"2009"},{"key":"bibr46-0018720818783953","doi-asserted-by":"publisher","DOI":"10.17705\/1jais.00375"},{"key":"bibr47-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.jbi.2008.10.001"},{"key":"bibr48-0018720818783953","volume-title":"Principles of information security","author":"Whitman M.","year":"2011"},{"key":"bibr49-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1111\/j.1539-6924.1982.tb01384.x"},{"key":"bibr50-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1201\/9781482289688"},{"key":"bibr51-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.chb.2008.04.005"},{"key":"bibr52-0018720818783953","doi-asserted-by":"publisher","DOI":"10.1016\/j.dss.2010.06.001"}],"container-title":["Human Factors: The Journal of the Human Factors and Ergonomics Society"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818783953","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.1177\/0018720818783953","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818783953","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.1177\/0018720818783953","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,28]],"date-time":"2025-02-28T21:01:31Z","timestamp":1740776491000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.1177\/0018720818783953"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,7,10]]},"references-count":52,"journal-issue":{"issue":"8","published-print":{"date-parts":[[2018,12]]}},"alternative-id":["10.1177\/0018720818783953"],"URL":"https:\/\/doi.org\/10.1177\/0018720818783953","relation":{},"ISSN":["0018-7208","1547-8181"],"issn-type":[{"value":"0018-7208","type":"print"},{"value":"1547-8181","type":"electronic"}],"subject":[],"published":{"date-parts":[[2018,7,10]]}}}