Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - The effect of decentralized behavioral decision making on system-level risk
AU - Kaivanto, Kim
PY - 2014/12
Y1 - 2014/12
N2 - Certain classes of system-level risk depend partly on decentralized lay decision making. For instance, an organization's network security risk depends partly on its employees' responses to phishing attacks. On a larger scale, the risk within a financial system depends partly on households' responses to mortgage sales pitches. Behavioral economics shows that lay decision makers typically depart in systematic ways from the normative rationality of Expected Utility (EU), and instead display heuristics and biases as captured in the more descriptively accurate Prospect Theory (PT). In turn psychological studies show that successful deception ploys eschew direct logical argumentation and instead employ peripheral-route persuasion, manipulation of visceral emotions, urgency, and familiar contextual cues. The detection of phishing emails and inappropriate mortgage contracts may be framed as a binary classification task. Signal Detection Theory (SDT) offers the standard normative solution, formulated as an optimal cutoff threshold, for distinguishing between good/bad emails or mortgages. In this paper we extend SDT behaviorally by re-deriving the optimal cutoff threshold under PT. Furthermore we incorporate the psychology of deception into determination of SDT's discriminability parameter. With the neo-additive probability weighting function, the optimal cutoff threshold under PT is rendered unique under well-behaved sampling distributions, tractable in computation, and transparent in interpretation. The PT-based cutoff threshold is (i) independent of loss aversion and (ii) more conservative than the classical SDT cutoff threshold. Independently of any possible misalignment between individual-level and system-level misclassification costs, decentralized behavioral decision makers are biased toward under-detection, and system-level risk is consequently greater than in analyses predicated upon normative rationality.
AB - Certain classes of system-level risk depend partly on decentralized lay decision making. For instance, an organization's network security risk depends partly on its employees' responses to phishing attacks. On a larger scale, the risk within a financial system depends partly on households' responses to mortgage sales pitches. Behavioral economics shows that lay decision makers typically depart in systematic ways from the normative rationality of Expected Utility (EU), and instead display heuristics and biases as captured in the more descriptively accurate Prospect Theory (PT). In turn psychological studies show that successful deception ploys eschew direct logical argumentation and instead employ peripheral-route persuasion, manipulation of visceral emotions, urgency, and familiar contextual cues. The detection of phishing emails and inappropriate mortgage contracts may be framed as a binary classification task. Signal Detection Theory (SDT) offers the standard normative solution, formulated as an optimal cutoff threshold, for distinguishing between good/bad emails or mortgages. In this paper we extend SDT behaviorally by re-deriving the optimal cutoff threshold under PT. Furthermore we incorporate the psychology of deception into determination of SDT's discriminability parameter. With the neo-additive probability weighting function, the optimal cutoff threshold under PT is rendered unique under well-behaved sampling distributions, tractable in computation, and transparent in interpretation. The PT-based cutoff threshold is (i) independent of loss aversion and (ii) more conservative than the classical SDT cutoff threshold. Independently of any possible misalignment between individual-level and system-level misclassification costs, decentralized behavioral decision makers are biased toward under-detection, and system-level risk is consequently greater than in analyses predicated upon normative rationality.
KW - prospect theory
KW - signal detection theory
KW - spear phishing
KW - system-level risk
KW - psychology of deception
U2 - 10.1111/risa.12219
DO - 10.1111/risa.12219
M3 - Journal article
VL - 34
SP - 2121
EP - 2142
JO - Risk Analysis
JF - Risk Analysis
SN - 0272-4332
IS - 12
ER -