Risk Homeostasis and its impact on risk reduction

Gerald Wilde had a theory called risk homeostasis.  This theory hypothesizes that people have a level of acceptable risk.  When they perceive that there is less risk, they will take more risky actions to bring them to an acceptable level and when they perceive more risk, they will be more cautious.  Information security is very concerned with managing risk and reducing it to an organizationally acceptable level.  However, an organization is made up of many people and they may have a different level of acceptable risk than the organization does.  If the theory of risk homeostasis is applied to information security, individuals will take riskier actions when the organization implements controls to make them safer or when they perceive the environment to be safer.

This has far reaching ramifications for those in information security because the perceptions of risk by the individual may differ greatly from the actual risk.  Despite awareness of information security breaches in the news and the overwhelming statistics that a data breach is likely, people still have difficulty accepting that a breach could happen to them.  It all comes down to perceptions.  With Wilde’s theory, if a high risk is perceived then users will be more cautious and that is where the security minded organization wants to be.  So the question is, does the risk homeostasis theory hold water and if so, how do organizations manage perceptions in information security?

 

Share Button

30 thoughts on “Risk Homeostasis and its impact on risk reduction

  1. The problem with risk homeostasis is that it is very hard to define and measure in individuals. The theory seems to explain the behavior of groups, and is a useful model when creating or modifying systems, as addressed in this article. However, new fMRI and neural network research is giving empirical support to the theory. It seems possible that the brain runs constant emulations of the outcomes of various future events and adjusts behavior accordingly. The jury is still out, but Dr. Wilde may be vindicated in the end.

    View Comment
  2. Eric:
    Read Montague argues that the brain runs simulations of future events very rapidly and constatly in Why Choose This Book? I just moved and all my books are still in boxes,so I can’t supply direct references, but Montague included a very coomplete reference list supporting his assertions.
    Vic Napier
    vic@vicnapier.com

    View Comment
  3. Appreciating the time and energy you put into your website and detailed information you present. It’s nice to come across a blog every once in a while that isn’t the same outdated rehashed material. Fantastic read! I’ve bookmarked your site and I’m adding your RSS feeds to my Google account.

    View Comment
  4. I appreciate the significant info you deliver in your own article’s content. I will bookmark your weblog and check back often. I learn a lot from what you post here! I can’t wait for your next blog.

    View Comment
  5. I very much like the important information you supply in your posts. I will bookmark security spotlight and check back again frequently. I’m certain I will gain knowledge of quite a lot of information security.

    View Comment
  6. I much like the helpful data you offer in the content.I will bookmark your blog and verify yet again listed here usually.I am extremely sure I’ll master a whole lot of latest stuff suitable listed here! Beneficial luck for that future!

    View Comment
  7. I just want to say I’m all new to blogging and site-building and seriously liked your web-site. Almost certainly I’m planning to bookmark your blog . You definitely come with awesome stories. Thanks for writing on your web-site.

    View Comment
  8. Someone necessarily assist to make critically posts I would state. That is the first time I frequented your website page and so far? I amazed with the research you made to create this particular article. incredible and magnificent job!

    View Comment

Leave a Reply