Download This PaperDecision-Making and Biases in Cybersecurity Capability Development: Evidence From a Simulation Game Experiment
18 Pages Posted: 15 Apr 2019
There are 2 versions of this paper
Decision-Making and Biases in Cybersecurity Capability Development: Evidence from a Simulation Game Experiment
Date Written: September 1, 2018
Abstract
We developed a simulation game to study the effectiveness of decision-makers in overcoming two complexities in building cybersecurity capabilities: potential delays in capability development; and uncertainties in predicting cyber incidents. Analyzing 1479 simulation runs, we compared the performances of a group of experienced professionals with those of an inexperienced control group. Experienced subjects did not understand the mechanisms of delays any better than inexperienced subjects; however, experienced subjects were better able to learn the need for proactive decision-making through an iterative process. Both groups exhibited similar errors when dealing with the uncertainty of cyber incidents. Our findings highlight the importance of training for decision-makers with a focus on systems thinking skills, and lay the groundwork for future research on uncovering mental biases about the complexities of cybersecurity.
Suggested Citation: Suggested Citation
Michael Siegel
Massachusetts Institute of Technology (MIT) - Sloan School of Management ( email )
E53-323
Cambridge, MA 02142
United States
617-253-2937 (Phone)
617-258-7579 (Fax)
Stuart E. Madnick (Contact Author)
Massachusetts Institute of Technology (MIT) - Sloan School of Management ( email )
E53-321
Cambridge, MA 02142
United States
617-253-6671 (Phone)
617-253-3321 (Fax)