Towards Understanding Cognitive Biases in Cybersecurity Governance

Authors

Gulet Barre
Open University of the Netherlands, Faculty of Science
https://orcid.org/0000-0002-9826-8624
Tim Huygh
Open University of the Netherlands, Faculty of Science
https://orcid.org/0000-0003-4564-7994
Dinh Khoi Nguyen
Open University of the Netherlands, Faculty of Science
Arno Nuijten
Open University of the Netherlands, Faculty of Science
https://orcid.org/0000-0002-6701-8040

Synopsis

Cognitive biases can influence the decision-making of board members and CISOs responsible for managing cyber risks. However, limited attention has been given to understanding how these biases affect cybersecurity governance, specifically in the communication of risks between CISOs and boards. This paper aims to address this gap by identifying cognitive biases and proposing how these biases influence communication and strategic decision-making in cybersecurity governance. By further examining their impact, we strive to uncover the mechanisms that contribute to underestimations or distortions in risk perception, which can compromise an organization’s ability to respond effectively to cyber threats. This short paper provides three exemplary biases expected to influence communication and decision-making in cybersecurity governance. Following the initial results, we propose a series of interviews with CISOs to reveal the challenges they face when communicating cyber risks to boards, focusing on how biases influence the decisions regarding cybersecurity risks.

Author Biographies

Gulet Barre, Open University of the Netherlands, Faculty of Science

Limburg, the Netherlands. E-mail: gulet.barre@ou.nl

Tim Huygh, Open University of the Netherlands, Faculty of Science

Limburg, the Netherlands. E-mail: tim.huygh@ou.nl

Dinh Khoi Nguyen, Open University of the Netherlands, Faculty of Science

Limburg, the Netherlands. E-mail: khoi.nguyen@ou.nl

Arno Nuijten, Open University of the Netherlands, Faculty of Science

Limburg, the Netherlands. E-mail: arno.nuijten@ou.nl

Published

June 9, 2025

License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

Barre, G., Huygh, T., Nguyen, D. K., & Nuijten, A. (2025). Towards Understanding Cognitive Biases in Cybersecurity Governance. In A. Pucihar, M. Kljajić Borštnar, S. Blatnik, M. Marolt, R. W. H. Bons, K. Smit, & M. Glowatz (Eds.), 38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings (pp. 737-744). University of Maribor Press. https://press.um.si/index.php/ump/catalog/book/947/chapter/631