Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment

Jalali, Mohammad S.; Siegel, Michael; Madnick, Stuart

Author(s)

Jalali, Seyed Mohammad Javad; Siegel, Michael D; Madnick, Stuart E

Download1-s2.0-S0963868717304353-main.pdf (3.806Mb)

PUBLISHER_CC

Terms of use

Creative Commons Attribution 4.0 International license https://creativecommons.org/licenses/by/4.0/

Metadata

Show full item record

Abstract

We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity. Keywords: Cybersecurity; Decision-making; Simulation; Capability development

Date issued

2018-09

URI

http://hdl.handle.net/1721.1/120555

Department

Sloan School of Management

Journal

Journal of Strategic Information Systems

Publisher

Elsevier

Citation

Jalali, Mohammad S. et al. “Decision-Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment.” The Journal of Strategic Information Systems (September 2018) © 2018 The Authors

Version: Final published version

ISSN

0963-8687

Collections

MIT Open Access Articles

MIT Libraries homeDSpace@MIT