Risk Homeostasis and its impact on risk reduction

Risk Homeostasis

Eric Vanderburg

Gerald Wilde had a theory called risk homeostasis.  This theory hypothesizes that people have a level of acceptable risk.  When they perceive that there is less risk, they will take more risky actions to bring them to an acceptable level and when they perceive more risk, they will be more cautious.  Information security is very concerned with managing risk and reducing it to an organizationally acceptable level.  However, an organization is made up of many people and they may have a different level of acceptable risk than the organization does.  If the theory of risk homeostasis is applied to information security, individuals will take riskier actions when the organization implements controls to make them safer or when they perceive the environment to be safer.

This has far reaching ramifications for those in information security because the perceptions of risk by the individual may differ greatly from the actual risk.  Despite awareness of information security breaches in the news and the overwhelming statistics that a data breach is likely, people still have difficulty accepting that a breach could happen to them.  It all comes down to perceptions.  With Wilde’s theory, if a high risk is perceived then users will be more cautious and that is where the security minded organization wants to be.  So the question is, does the risk homeostasis theory hold water and if so, how do organizations manage perceptions in information security?

 

Comments

  1. Sabo Jones says

    Someone necessarily assist to make critically posts I would state. That is the first time I frequented your website page and so far? I amazed with the research you made to create this particular article. incredible and magnificent job!

  2. Hipolito M. Wiseman says

    I just want to say I’m all new to blogging and site-building and seriously liked your web-site. Almost certainly I’m planning to bookmark your blog . You definitely come with awesome stories. Thanks for writing on your web-site.

  3. Henry says

    You have an excellent blog here. I really enjoy reading security spotlight and the information security articles you write.

  4. Yousef says

    I much like the helpful data you offer in the content.I will bookmark your blog and verify yet again listed here usually.I am extremely sure I’ll master a whole lot of latest stuff suitable listed here! Beneficial luck for that future!

  5. Ralph says

    I very much like the important information you supply in your posts. I will bookmark security spotlight and check back again frequently. I’m certain I will gain knowledge of quite a lot of information security.

  6. Rosie says

    I appreciate the significant info you deliver in your own article’s content. I will bookmark your weblog and check back often. I learn a lot from what you post here! I can’t wait for your next blog.

  7. scustipucky says

    A very interesting idea. Way to go Wilde. I just gave this onto a colleague who was doing research on risk management. I am going to read more on risk homeostasis.

  8. Ursula Gibbons says

    Hello there! Do you use Twitter? I’d like to follow you if that would be okay. I’m undoubtedly enjoying your blog and look forward to new updates.

  9. Paul Wong says

    Appreciating the time and energy you put into your website and detailed information you present. It’s nice to come across a blog every once in a while that isn’t the same outdated rehashed material. Fantastic read! I’ve bookmarked your site and I’m adding your RSS feeds to my Google account.

  10. Vic Napier says

    Eric:
    Read Montague argues that the brain runs simulations of future events very rapidly and constatly in Why Choose This Book? I just moved and all my books are still in boxes,so I can’t supply direct references, but Montague included a very coomplete reference list supporting his assertions.
    Vic Napier
    vic@vicnapier.com

  11. Vic Napier says

    The problem with risk homeostasis is that it is very hard to define and measure in individuals. The theory seems to explain the behavior of groups, and is a useful model when creating or modifying systems, as addressed in this article. However, new fMRI and neural network research is giving empirical support to the theory. It seems possible that the brain runs constant emulations of the outcomes of various future events and adjusts behavior accordingly. The jury is still out, but Dr. Wilde may be vindicated in the end.

Leave a Reply

Your email address will not be published. Required fields are marked *