The motivation for corporate leadership to engage with cyber risks is increasingly clear. Stories can be seen of cyber incidents which have crippled large-scale businesses, potentially for extended periods of time and at significant cost. Our contribution here explores a much under-researched area — perceptions of cybersecurity and cyber risk at the highest levels of an organisation — with the aim of developing a structured, scenario-driven and repeatable exercise for executive decisionmakers. We attempt to understand why cyber risk perception is an important concept but equally a challenging one to grasp. We address this by demonstrating an approach to risk articulation, in terms of systematically constructed scenarios, and assess whether this resonates with decision-makers. As part of this, we also attempt to assess cyber-risk decision-makers for their perception of wider business risks and stakeholders.
|Title of host publication||Workshop on Usable Security and Privacy (USEC) 2021|
|Publication status||Published - 7 May 2021|
|Event||Workshop on Usable Security and Privacy - Virtual, Auckland, New Zealand|
Duration: 7 May 2021 → 7 May 2021
|Workshop||Workshop on Usable Security and Privacy|
|Abbreviated title||USEC 2021|
|Period||7/05/21 → 7/05/21|