Decision-making and biases in cybersecurity capability development: Evidence from a simulation game experiment
Author(s)
Jalali, Seyed Mohammad Javad; Siegel, Michael D; Madnick, Stuart E
Download1-s2.0-S0963868717304353-main.pdf (3.806Mb)
PUBLISHER_CC
Publisher with Creative Commons License
Creative Commons Attribution
Terms of use
Metadata
Show full item recordAbstract
We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity. Keywords: Cybersecurity; Decision-making; Simulation; Capability development
Date issued
2018-09Department
Sloan School of ManagementJournal
Journal of Strategic Information Systems
Publisher
Elsevier
Citation
Jalali, Mohammad S. et al. “Decision-Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment.” The Journal of Strategic Information Systems (September 2018) © 2018 The Authors
Version: Final published version
ISSN
0963-8687