Fifty Shades of Orange: Construal Levels, Cognitive Biases, and The Amber Dilemma in Cybersecurity Risk Communication

Authors

Gulet Barre
Open University of the Netherlands, Faculty of Science
https://orcid.org/0000-0002-9826-8624
Dinh Khoi Nguyen
University of Jyväskylä, Faculty of Information Technology
Tim Huygh
Open University of the Netherlands, Faculty of Science
https://orcid.org/0000-0003-4564-7994
Arno Nuijten
Open University of the Netherlands, Faculty of Science , Erasmus University Rotterdam, Erasmus School of Accounting and Assurance , University of Pretoria, Faculty of Economic and Management Sciences
https://orcid.org/0000-0002-6701-8040
DOI: https://doi.org/10.18690/um.fov.4.2026.10

Synopsis

Board-level decisions on cybersecurity risks are strongly shaped by how information is communicated. Traffic light reporting offers simplicity, but especially the amber light leads to inconsistent interpretations. This paper applies Construal Level Theory (CLT) to explore how psychological distance structures risk responses. Based on interviews with 11 CISOs, we focus on four exemplary biases arising from psychological distance in board-level risk perception. Our results indicate that these biases are not random flaws in judgement but patterned outcomes of directors’ and executives’ construal levels, influencing whether risks are seen in abstract or concrete terms. Our contribution lies in applying CLT to cybersecurity governance, demonstrating how psychological distance shapes board-level biases, and highlighting how CISOs can manage psychological distance through framing and narrative to support more balanced decision-making. Future work will conduct additional CISO interviews and design an experiment to test how psychological distance shapes board responses to amber risk signals.

Author Biographies

Gulet Barre, Open University of the Netherlands, Faculty of Science

Limburg, the Netherlands. E-mail: gulet.barre@ou.nl

Dinh Khoi Nguyen, University of Jyväskylä, Faculty of Information Technology

Jyväskylä, Finland. E-mail: khoi.d.nguyen@jyu.fi

Tim Huygh, Open University of the Netherlands, Faculty of Science

Dr. Tim Huygh is assistant professor at the department of information science at the faculty of science of the Open Universiteit, the Netherlands. He is also a visiting professor at the Antwerp Management School. He received his PhD in 2019 on IT governance from the University of Antwerp. His research interests include the governance and (strategic) management of information and technology, information security governance, and cyber resilience. His research has been published in SCI-indexed journals like Information Systems Journal (ISJ) and Decision Support Systems (DSS), and various conference proceedings including the International Conference on Information Systems (ICIS) and the Hawaii International Conference on System Sciences (HICSS). He also co-authored three books on the topic of IT governance (published by Springer). Since 2020, he is co-chairing the minitrack “IT governance and its mechanisms” at HICSS.

Limburg, the Netherlands. E-mail: tim.huygh@ou.nl

Arno Nuijten, Open University of the Netherlands, Faculty of Science, Erasmus University Rotterdam, Erasmus School of Accounting and Assurance, University of Pretoria, Faculty of Economic and Management Sciences

Limburg, the Netherlands. E-mail: arno.nuijten@ou.nl

Volume

39th Bled eConference: Co-Creating Human-Centred and Responsible Digital Futures; Conference Proceedings

Pages

163-176

Published

June 5, 2026

Series

Bled eConference

Categories

Copyright (c) 2026 University of Maribor, University of Maribor Press

License

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Barre, G., Khoi Nguyen, D., Huygh, T., & Nuijten, A. (2026). Fifty Shades of Orange: Construal Levels, Cognitive Biases, and The Amber Dilemma in Cybersecurity Risk Communication. In D. Vidmar, A. Pucihar, M. Kljajić Borštnar, R. W. H. Bons, M. Glowatz, & H.-D. Zimmermann (Eds.), & (Ed.), 39th Bled eConference: Co-Creating Human-Centred and Responsible Digital Futures; Conference Proceedings (Vols. 39., pp. 163-176). University of Maribor Press. https://doi.org/10.18690/um.fov.4.2026.10