{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T16:03:46Z","timestamp":1773936226830,"version":"3.50.1"},"reference-count":85,"publisher":"MDPI AG","issue":"2","license":[{"start":{"date-parts":[[2022,4,14]],"date-time":"2022-04-14T00:00:00Z","timestamp":1649894400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Systems"],"abstract":"<jats:p>Cyber-security incidents show how difficult it is to make optimal strategic decisions in such a complex environment. Given that it is hard for researchers to observe organisations\u2019 decision-making processes driving cyber-security strategy, we developed a board game that mimics this real-life environment and shows the challenges of decision-making. We observed cyber-security experts participating in the game. The results showed that decision-makers who performed poorly tended to employ heuristics, leading to fallacious decision approaches (overreaction strategies in place of proactive ones), and were not always aware of their poor performances. We advocate the need for decision support tools that capture this complex dynamic nature.<\/jats:p>","DOI":"10.3390\/systems10020049","type":"journal-article","created":{"date-parts":[[2022,4,20]],"date-time":"2022-04-20T00:22:43Z","timestamp":1650414163000},"page":"49","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":18,"title":["Decision-Makers\u2019 Understanding of Cyber-Security\u2019s Systemic and Dynamic Complexity: Insights from a Board Game for Bank Managers"],"prefix":"10.3390","volume":"10","author":[{"given":"Sander","family":"Zeijlemaker","sequence":"first","affiliation":[{"name":"Cybersecurity at MIT Sloan, Sloan School of Management, Massachusetts Institute of Technology, Cambridge, MA 02139, USA"},{"name":"Disem Institute, 1827 LR Alkmaar, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Eti\u00ebnne A. J. A.","family":"Rouwette","sequence":"additional","affiliation":[{"name":"Institute for Management Research, Radboud University, 6525 AJ Nijmegen, The Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-0450-7725","authenticated-orcid":false,"given":"Giovanni","family":"Cunico","sequence":"additional","affiliation":[{"name":"Business School, University of New South Wales (UNSW), Sydney, NSW 2052, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-0777-4004","authenticated-orcid":false,"given":"Stefano","family":"Armenia","sequence":"additional","affiliation":[{"name":"Department of Research, Link University, Via del Casale di San Pio V, 00165 Rome, Italy"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1174-8378","authenticated-orcid":false,"given":"Michael","family":"von Kutzschenbach","sequence":"additional","affiliation":[{"name":"Institute of Management, University of Applied Sciences and Arts Northwestern Switzerland, 4002 Basel, Switzerland"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2022,4,14]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"681","DOI":"10.1016\/j.im.2018.11.003","article-title":"Information security breaches and IT security investments: Impacts on competitors","volume":"56","author":"Christina","year":"2019","journal-title":"Inf. Manag."},{"key":"ref_2","doi-asserted-by":"crossref","unstructured":"Goel, S., Williams, K.J., Huang, J., and Warkentin, M. (2021). Can financial incentives help with the struggle for security policy compliance?. Inf. Manag., 58.","DOI":"10.1016\/j.im.2021.103447"},{"key":"ref_3","unstructured":"Ritcher, F. (2021, December 21). 200,000+ Systems Affected by WannaCry Ransom Attack. Available online: https:\/\/www.statista.com\/chart\/9399\/wannacry-cyber-attack-in-numbers."},{"key":"ref_4","unstructured":"GReAT (2021, December 21). The Great Bank Robbery: The Carbanak APT. Available online: https:\/\/securelist.com\/the-great-bank-robbery-the-carbanak-apt\/68732\/."},{"key":"ref_5","unstructured":"Modderkolk, H. (2019). Het Is Oorlog Maar Niemand Die Het Ziet, Uitgeverij Podium."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Armenia, S., Angelini, M., Nonino, F., Palombi, G., and Schlitzer, M.F. (2021). A dynamic simulation approach to support the evaluation of cyber risks and security investments in SMEs. Decis. Support Syst., 147.","DOI":"10.1016\/j.dss.2021.113580"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1016\/j.im.2009.06.005","article-title":"Estimating the market impact of security breach announcements on firm values","volume":"46","author":"Goel","year":"2009","journal-title":"Inf. Manag."},{"key":"ref_8","unstructured":"Zeijlemaker, S. (2016, January 17\u201321). Exploring the dynamic complexity of the cyber-security economic equilibrium. Proceedings of the 34th International Conference of the System Dynamics Society, Delft, The Netherlands."},{"key":"ref_9","unstructured":"Zeijlemaker, S. (2017). Cyber-Security Quantification: Founding a Structural Understanding of Its Dynamic Complexity, Radboud University."},{"key":"ref_10","unstructured":"Zeijlemaker, S., Uriega, J.D., and Kilanc, G.P. (2018, January 6\u201310). Malware dynamics: How to develop a successful anti-malware defence reference architecture policy. Proceedings of the 36th International Conference of the System Dynamics Society, Reykjavik, Iceland."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"49","DOI":"10.1016\/j.dss.2015.04.011","article-title":"Allocation of resources to cyber-security: The effect of misalignment of interest between managers and investors","volume":"75","author":"Srinidhi","year":"2015","journal-title":"Decis. Support Syst."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"103","DOI":"10.1016\/j.ijcip.2010.10.002","article-title":"The economics of cybersecurity: Principles and policy options","volume":"3","author":"Moore","year":"2010","journal-title":"Int. J. Crit. Infrastruct. Prot."},{"key":"ref_13","unstructured":"Zhou, Y., and Solak, S. (June, January 31). Measuring and Optimizing Cybersecurity Investments: A Quantitative Portfolio Approach. Proceedings of the 2014 Industrial and Systems Engineering Research Conference, Montr\u00e9al, Canada."},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Anderson, R., Barton, C., B\u00f6hme, R., Clayton, R., van Eeten, M.J.G., Levi, M., Moore, T., and Savage, S. (2013). Measuring the Cost of Cybercrime. The Economics of Information Security and Privacy, Springer.","DOI":"10.1007\/978-3-642-39498-0_12"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Schneier, B. (2015, August 30). CYA Security, Schneier on Security. Available online: https:\/\/www.schneier.com\/blog\/archives\/2007\/02\/cya_security_1.html.","DOI":"10.1002\/9781119183631.ch1"},{"key":"ref_16","unstructured":"Tongia, R., and Kanika, J. (2003). Investing in Security\u2014Do not rely on FUD. Inf. Syst. Control. J., 5, Available online: https:\/\/www.researchgate.net\/profile\/Rahul-Tongia\/publication\/238746543_Investing_in_Security-Do_Not_Rely_on_FUD\/links\/559e759508aea946c06a0880\/Investing-in-Security-Do-Not-Rely-on-FUD.pdf."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"321","DOI":"10.1287\/mnsc.35.3.321","article-title":"Modeling Managerial Behavior: Misperceptions of Feedback in a Dynamic Decision-making Experiment","volume":"35","author":"Sterman","year":"1989","journal-title":"Manag. Sci."},{"key":"ref_18","unstructured":"Sterman, J. (2021, December 21). Teaching Takes off: Flight Simulators for Management Education \u201cThe Beer Game\u201d, October 1992. Available online: http:\/\/web.mit.edu\/jsterman\/www\/SDG\/beergame.html."},{"key":"ref_19","unstructured":"Vennix, J.A.M. (1996). Group Model Building, Facilitating Team Learning Using System Dynamics, John Wiley & Sons Ltd."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"505","DOI":"10.2105\/AJPH.2005.066043","article-title":"Learning from Evidence in a Complex World","volume":"96","author":"Sterman","year":"2006","journal-title":"Am. J. Public Health"},{"key":"ref_21","unstructured":"Moore, T., Duynes, S., and Chang, F.R. (2016, January 13\u201314). Identifying How Firms Manage Security Investment. Proceedings of the Workshop on the Economics of Information Security (WEIS), Berkeley, CA, USA."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"53","DOI":"10.17083\/ijsg.v3i1.107","article-title":"Game Based Cyber-Security Training: Are Serious Games suitable for cyber-security training?","volume":"3","author":"Hendrix","year":"2016","journal-title":"Int. J. Serious Games"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"249","DOI":"10.1037\/a0031311","article-title":"A meta-analysis of the cognitive and motivational effects of serious games","volume":"105","author":"Wouters","year":"2013","journal-title":"J. Educ. Psychol."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Barolli, L., Xhafa, F., Javaid, N., and Enokido, T. (2019). Designing a Cyber-security Board Game Based on Design Thinking Approach. International Conference on Innovative Mobile and Internet Services in Ubiquitous Computing. Advances in Intelligent Systems and Computing, Springer.","DOI":"10.1007\/978-3-319-93554-6"},{"key":"ref_25","unstructured":"Olano, M., Sherman, A., Oliva, L., Cox, R., Firestone, D., Kubik, O., Patil, M., Saymour, J., Sohn, I., and Thomas, D. (2014, January 18). Security Empire: Development and Evaluation of a Digital Game to Promote Cyber-Security Education. Proceedings of the 2014 USENIX Summit on Gaming, Games and Gamification in Security Education, San Diego, CA, USA."},{"key":"ref_26","unstructured":"Falco, G., Eling, M., Jablanski, D., Miller, V., Gordon, L.A., Wang, S.F., Schmit, J., Thomas, R., Elvedi, M., and Maillart, T. (2019, January 3\u20134). A Research Agenda for Cyber Risk and Cyber Insurance. Proceedings of the 2019 Workshop on the Economics of Information Security, Boston, MA, USA."},{"key":"ref_27","doi-asserted-by":"crossref","unstructured":"Kenneally, E., Randazzese, L., and Balenson, D. (2018). Cyber Risk Economics Capability Gaps Research Strategy. United States Department of Homeland Security, Science and Technology Directorate.","DOI":"10.1109\/CyberSA.2018.8551399"},{"key":"ref_28","unstructured":"Sterman, J. (2000). Business Dynamics: Systems Thinking and Modeling for a Complex World, Irwin\/McGraw-Hill."},{"key":"ref_29","unstructured":"Scott, R., and Kosslyn, S. (2015). Heuristics: Tools for an Uncertain World Emerging. Trends in the Social and Behavioral Sciences, John Wiley & Sons, Inc."},{"key":"ref_30","first-page":"1","article-title":"Judgement under uncertainty: Heuristic and biases","volume":"13","author":"Tversky","year":"1973","journal-title":"Or. Inst. Res. Bull."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Kahneman, D., Slovic, P., and Tversky, A. (1982). Judgement under Uncertainty: Heuristics and Biases, Cambridge University Press.","DOI":"10.1017\/CBO9780511809477"},{"key":"ref_32","unstructured":"Myers, D.G. (2010). Social Psychology, McGraw-Hill Higher Education."},{"key":"ref_33","unstructured":"Gr\u00f6\u03b2ler, A., Bleijenberg, I., and Vennix, J. (2011, January 24\u201328). 10 Years on Average Doesn\u2019t Mean 10 Years in Any Case\u2014An Experimental Investigation of People\u2019s Understanding of Fixed and Continuous Delays. Proceedings of the International System Dynamics Conference, Washington, DC, USA."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Martinez-Moyano, I.J., Morrison, D., and Sallach, D. (2015, January 6\u20139). Modeling Adversarial Dynamics. Proceedings of the 2015 Winter Simulation Conference, Huntington Beach, CA, USA.","DOI":"10.1109\/WSC.2015.7408352"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"265","DOI":"10.2307\/3094806","article-title":"Capability Traps and Self-Confirming Attribution Errors in the Dynamics of Process Improvement","volume":"47","author":"Repenning","year":"2002","journal-title":"Adm. Sci. Q."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"193","DOI":"10.1016\/0361-3682(81)90026-X","article-title":"Management control of public and not-for-profit activities","volume":"6","author":"Hofstede","year":"1981","journal-title":"Account. Organ. Soc."},{"key":"ref_37","doi-asserted-by":"crossref","first-page":"263","DOI":"10.2307\/1914185","article-title":"Prospect Theory: An Analysis of Decision Under Risk","volume":"47","author":"Kahneman","year":"1979","journal-title":"Econometrica"},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"517","DOI":"10.1007\/s10669-013-9473-2","article-title":"Heuristics and biases in cyber security dilemmas","volume":"33","author":"Rosoff","year":"2013","journal-title":"Environ. Syst. Decis."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"61","DOI":"10.17645\/pag.v6i2.1279","article-title":"Fear, Uncertainty, and Dread: Cognitive Heuristics and Cyber Threats","volume":"6","author":"Gomez","year":"2018","journal-title":"Politics Gov."},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Van Schaik, P., Renaud, K., Wilson, C., Jansen, J., and Onibokun, J. (2020). Risk as affect: The affect heuristic in cybersecurity. Comput. Secur., 90.","DOI":"10.1016\/j.cose.2019.101651"},{"key":"ref_41","doi-asserted-by":"crossref","first-page":"66","DOI":"10.1016\/j.jsis.2018.09.003","article-title":"Decision-making and Biases in Cyber-security Capability Development: Evidence from a Simulation Game Experiment","volume":"28","author":"Jalali","year":"2017","journal-title":"J. Strateg. Inf. Syst."},{"key":"ref_42","unstructured":"Forrester, J. (1961). Industrial Dynamics, Massachusetts Institute of Technology Press."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"174","DOI":"10.1177\/0037550085162006","article-title":"STRATAGEM-2","volume":"16","author":"Sterman","year":"1985","journal-title":"Simul. Games"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Duggan, J. (2016). An Introduction to System dynamics. System Dynamics Modeling with R, Springer.","DOI":"10.1007\/978-3-319-34043-2"},{"key":"ref_45","unstructured":"Pruyt, E. (2013). Small System Dynamics Models for Big Issues: Triple Jump towards Real World Complexity, TU Delft Library."},{"key":"ref_46","doi-asserted-by":"crossref","first-page":"604","DOI":"10.1057\/jors.1995.86","article-title":"On a resurgence of management simulations and games","volume":"46","author":"Lane","year":"1995","journal-title":"J. Oper. Res. Soc."},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"199","DOI":"10.1002\/sdr.372","article-title":"A brief and incomplete history of operational gaming in system dynamics","volume":"23","author":"Meadows","year":"2007","journal-title":"Syst. Dyn. Rev."},{"key":"ref_48","doi-asserted-by":"crossref","unstructured":"Cunico, G., Aivazidou, E., and Mollona, E. (2021). System dynamics gamification: A proposal for shared principles. Syst. Res. Behav. Sci., preprint.","DOI":"10.1002\/sres.2805"},{"key":"ref_49","doi-asserted-by":"crossref","unstructured":"Papathanasiou, J.S., Armenia, S., Barnab\u00e8, F., Carlini, C., Ciobanu, N., Digkoglou, P., Jarzabek, L., Kulakowska, M., Lanzuisi, A., and Morfoulaki, M. (2019, January 1\u20133). Game Based Learning on Urban Sustainability: The \u201cSustain\u201d Project. Proceedings of the 11th International Conference on Education and New Learning Technologies, Palma, Spain.","DOI":"10.21125\/edulearn.2019.2293"},{"key":"ref_50","doi-asserted-by":"crossref","first-page":"661","DOI":"10.1016\/j.compedu.2012.03.004","article-title":"A systematic literature review of empirical evidence on computer games and serious games","volume":"59","author":"Connolly","year":"2012","journal-title":"Comput. Educ."},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"1277","DOI":"10.1016\/j.compedu.2010.05.025","article-title":"Perceptions of the effectiveness of system dynamics-based interactive learning environments: An empirical study","volume":"55","year":"2010","journal-title":"Comput. Educ."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"397","DOI":"10.1016\/j.cose.2011.03.001","article-title":"Modeling behavioral considerations related to information security","volume":"30","author":"Conrad","year":"2011","journal-title":"Comput. Secur."},{"key":"ref_53","unstructured":"Bier, A., and Anderson, B. (2013, January 21\u201325). Cooperation and Learning in Cyber-security Training Exercises. Proceedings of the 31st International Conference of the System Dynamics Society, Cambridge, MA, USA."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"404","DOI":"10.1002\/sres.2556","article-title":"Towards the Definition of a Dynamic and Systemic Assessment for Cybersecurity Risks","volume":"36","author":"Armenia","year":"2018","journal-title":"Syst. Res. Behav. Sci."},{"key":"ref_55","unstructured":"Zeijlemaker, S. (2022). Unravelling the Dynamic Complexity of Cyber-Security: Towards Identifying Core Systemic Structures Driving Cyber-Security Investment Decision-Making. [Ph.D. Thesis, Radboud University]."},{"key":"ref_56","unstructured":"Andersen, D., Moore, A.P., Stanton, J.M., Cappelli, D.M., Rich, E., Weaver, E.A., Gonzalez, J.J., Sarriegui, J.M., Zagonel, A., and Mojtahedzadeh, M. (2004, January 25\u201329). Preliminary System Dynamics Maps of the Insider Cyber-threat Problem. Proceedings of the 22nd International Conference of the Systems Dynamics Society, Oxford, UK."},{"key":"ref_57","unstructured":"Armenia, S., Cardazzone, A., and Carlini, C. (2014, January 10\u201312). Understanding Security Policies in the Cyber Warfare Domain through System Dynamics. Proceedings of the 4th International Defense and Homeland Security Simulation Workshop (DHSS 2014), International Multidisciplinary Modeling and Simulation Multi-conference (I3M 2014), Bordeaux, France."},{"key":"ref_58","unstructured":"ISACA (2015). CISM Review Manual 2015, ISACA."},{"key":"ref_59","doi-asserted-by":"crossref","first-page":"138","DOI":"10.1016\/j.im.2013.11.004","article-title":"Incident-centered information security: Managing a strategic balance between prevention and response","volume":"51","author":"Baskerville","year":"2014","journal-title":"Inf. Manag."},{"key":"ref_60","first-page":"81","article-title":"The Iterated Weakest Link, a Model of Adaptive Security Investment","volume":"7","author":"Moore","year":"2016","journal-title":"J. Inf. Sci."},{"key":"ref_61","unstructured":"Su, X. (2006). An Overview of Economic Approaches to Information Security Management, University of Twente, Information System Group."},{"key":"ref_62","unstructured":"Chismon, D., and Ruks, M. (2015). Threat Intelligence: Collecting, Analysing, Evaluating, MWR Info Security."},{"key":"ref_63","doi-asserted-by":"crossref","unstructured":"Syed, R. (2020). Cybersecurity vulnerability management: A conceptual ontology and cyber intelligence alert system. Inf. Manag., 57.","DOI":"10.1016\/j.im.2020.103334"},{"key":"ref_64","doi-asserted-by":"crossref","unstructured":"Vogus, J.T., and Sutcliffe, K.M. (2007, January 7\u201310). Organisational resilience: Towards a theory and research agenda. Proceedings of the IEEE International Conference on Systems, Man and Cybernetics, Montr\u00e9al, QC, Canada.","DOI":"10.1109\/ICSMC.2007.4414160"},{"key":"ref_65","doi-asserted-by":"crossref","first-page":"407","DOI":"10.1038\/nclimate2227","article-title":"Changing the resilience paradigm","volume":"4","author":"Linkov","year":"2014","journal-title":"Nat. Clim. Chang."},{"key":"ref_66","first-page":"60","article-title":"The Link between Diversity and Resilience","volume":"46","author":"Reinmoeller","year":"2005","journal-title":"MIT Sloan Manag. Rev."},{"key":"ref_67","doi-asserted-by":"crossref","first-page":"908","DOI":"10.1016\/j.ejor.2015.06.078","article-title":"Recent evidence on the effectiveness of group model building","volume":"249","author":"Scott","year":"2016","journal-title":"Eur. J. Oper. Res."},{"key":"ref_68","doi-asserted-by":"crossref","first-page":"309","DOI":"10.1002\/(SICI)1099-1727(199824)14:4<309::AID-SDR154>3.0.CO;2-5","article-title":"Expert knowledge elicitation to improve formal and mental models","volume":"14","author":"Ford","year":"1998","journal-title":"Syst. Dyn. Rev."},{"key":"ref_69","first-page":"209","article-title":"Tests for building confidence in system dynamics models","volume":"14","author":"Forrester","year":"1980","journal-title":"TIMS Stud. Manag. Sci."},{"key":"ref_70","doi-asserted-by":"crossref","first-page":"183","DOI":"10.1002\/(SICI)1099-1727(199623)12:3<183::AID-SDR103>3.0.CO;2-4","article-title":"Formal Aspects of Model validity and validation in system dynamics","volume":"12","author":"Barlas","year":"1996","journal-title":"Syst. Dyn. Rev."},{"key":"ref_71","doi-asserted-by":"crossref","first-page":"265","DOI":"10.1016\/0378-7206(94)90065-5","article-title":"Strategic information technology plan: A vital component in the corporate strategies of banks","volume":"26","author":"Liang","year":"1994","journal-title":"Inf. Manag."},{"key":"ref_72","doi-asserted-by":"crossref","first-page":"210","DOI":"10.1016\/j.im.2014.11.002","article-title":"Factors affecting adoption of online banking: A meta-analytic structural equation modeling study","volume":"52","author":"Montazemi","year":"2015","journal-title":"Inf. Manag."},{"key":"ref_73","unstructured":"(2016). European Network and Information Security Directive 2016\/1148 (NIS 2.0), European Commission."},{"key":"ref_74","unstructured":"(2020). Digital Operational Rescilience for Financial Services 2020\/0266 (DORA), European Commission."},{"key":"ref_75","doi-asserted-by":"crossref","first-page":"63","DOI":"10.1016\/S0378-7206(03)00027-2","article-title":"Strategic contributions of game rooms to knowledge management: Some prelimenary insights","volume":"41","author":"Desouza","year":"2003","journal-title":"Inf. Manag."},{"key":"ref_76","doi-asserted-by":"crossref","first-page":"686","DOI":"10.1126\/science.1193147","article-title":"Evidence for a Collective Intelligence Factor in the Performance of Human Groups","volume":"330","author":"Woolley","year":"2010","journal-title":"Science"},{"key":"ref_77","doi-asserted-by":"crossref","first-page":"293","DOI":"10.1037\/0033-295X.90.4.293","article-title":"Extensional versus intuitive reasoning: The conjunction fallacy in probability judgment","volume":"90","author":"Tversky","year":"1983","journal-title":"Psychol. Rev."},{"key":"ref_78","doi-asserted-by":"crossref","first-page":"223","DOI":"10.1086\/208859","article-title":"Familiarity and Its Impact on Consumer Decision Biases and Heuristics","volume":"8","author":"Park","year":"1981","journal-title":"J. Consum. Res."},{"key":"ref_79","doi-asserted-by":"crossref","first-page":"1333","DOI":"10.1016\/j.ejor.2005.04.006","article-title":"The affect heuristic","volume":"177","author":"Slovic","year":"2007","journal-title":"Eur. J. Oper. Res."},{"key":"ref_80","doi-asserted-by":"crossref","first-page":"502","DOI":"10.2307\/3094873","article-title":"Fool\u2019s Gold: Social Proof in the Initiation and Abandonment of Coverage by Wall Street Analysts","volume":"46","author":"Rao","year":"2001","journal-title":"Adm. Sci. Q."},{"key":"ref_81","doi-asserted-by":"crossref","unstructured":"Festinger, L. (1957). A Theory of Cognitive Dissonance, Row & Peterson.","DOI":"10.1515\/9781503620766"},{"key":"ref_82","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1037\/h0024514","article-title":"Failure to escape traumatic shock","volume":"74","author":"Seligman","year":"1967","journal-title":"J. Exp. Psychol."},{"key":"ref_83","doi-asserted-by":"crossref","unstructured":"Grossklags, J., Christin, N., and Chuang, J. (2008, January 14). Predicted and observed user behaviour in the weakest-link security game. Proceedings of the Workshop on Usability, Psychology, and Security, San Francisco, CA, USA.","DOI":"10.1109\/GAMENETS.2009.5137460"},{"key":"ref_84","doi-asserted-by":"crossref","unstructured":"Grossklags, J., and Reitter, R. (2014, January 19\u201322). How Task Familiarity and Cognitive Predispositions Impact Behaviour in a Security Game of Timing. Proceedings of the IEEE 27th Computer Security Foundations Symposium, Vienna, Austria.","DOI":"10.1109\/CSF.2014.16"},{"key":"ref_85","unstructured":"Nochenson, A., and Grossklags, J. (2013, January 11\u201312). A behavioural Investigation of the Flipit Game. Proceedings of the Workshop on the Economics of Information Security, Washington, DC, USA."}],"container-title":["Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2079-8954\/10\/2\/49\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T22:54:21Z","timestamp":1760136861000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2079-8954\/10\/2\/49"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,4,14]]},"references-count":85,"journal-issue":{"issue":"2","published-online":{"date-parts":[[2022,4]]}},"alternative-id":["systems10020049"],"URL":"https:\/\/doi.org\/10.3390\/systems10020049","relation":{},"ISSN":["2079-8954"],"issn-type":[{"value":"2079-8954","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,4,14]]}}}