Towards Understanding Cognitive Biases in Cybersecurity Governance

Gulet Barre; Tim Huygh; Dinh Khoi Nguyen; Arno Nuijten

doi:https://doi.org/ 10.18690/um.fov.4.2025.46

Towards Understanding Cognitive Biases in Cybersecurity Governance

Gulet Barre, Tim Huygh, Dinh Khoi Nguyen, Arno Nuijten

Research output: Chapter in Book/Report/Conference proceeding › Conference Article in proceeding › Academic › peer-review

Abstract

Cognitive biases can influence the decision-making of board
members and CISOs responsible for managing cyber risks.
However, limited attention has been given to understanding how
these biases affect cybersecurity governance, specifically in the
communication of risks between CISOs and boards. This paper
aims to address this gap by identifying cognitive biases and
proposing how these biases influence communication and
strategic decision-making in cybersecurity governance. By further
examining their impact, we strive to uncover the mechanisms that
contribute to underestimations or distortions in risk perception,
which can compromise an organization’s ability to respond
effectively to cyber threats. This short paper provides three
exemplary biases expected to influence communication and
decision-making in cybersecurity governance. Following the
initial results, we propose a series of interviews with CISOs to
reveal the challenges they face when communicating cyber risks
to boards, focusing on how biases influence the decisions
regarding cybersecurity risks.

Original language	English
Title of host publication	38th Bled eConference: Empowering Transformation
Subtitle of host publication	Shaping Digital Futures for All: Conference Proceedings
Editors	Andreja Pucihar, Mirjana Kljajic Borstnar, Roger W.H. Bons, Stasa Blatnik, Koen Smit, Marjeta Marolt, Matthias Glowatz
Publisher	University of Maribor Press
Pages	737-744
Number of pages	8
ISBN (Electronic)	978-961-286-998-4
DOIs	https://doi.org/ 10.18690/um.fov.4.2025.46
Publication status	Published - 2025

Publication series

Series	Bled eConference
Volume	38

Access to Document

https://doi.org/ 10.18690/um.fov.4.2025.46 Licence: CC BY

Cite this

Barre, G., Huygh, T., Nguyen, D. K., & Nuijten, A. (2025). Towards Understanding Cognitive Biases in Cybersecurity Governance. In A. Pucihar, M. Kljajic Borstnar, R. W. H. Bons, S. Blatnik, K. Smit, M. Marolt, & M. Glowatz (Eds.), 38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings (pp. 737-744). University of Maribor Press. https://doi.org/ 10.18690/um.fov.4.2025.46

Barre, Gulet ; Huygh, Tim ; Nguyen, Dinh Khoi et al. / Towards Understanding Cognitive Biases in Cybersecurity Governance. 38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings. editor / Andreja Pucihar ; Mirjana Kljajic Borstnar ; Roger W.H. Bons ; Stasa Blatnik ; Koen Smit ; Marjeta Marolt ; Matthias Glowatz. University of Maribor Press, 2025. pp. 737-744 (Bled eConference, Vol. 38).

@inproceedings{42979212db33446d93835e35cc58e1c9,

title = "Towards Understanding Cognitive Biases in Cybersecurity Governance",

abstract = "Cognitive biases can influence the decision-making of board members and CISOs responsible for managing cyber risks. However, limited attention has been given to understanding how these biases affect cybersecurity governance, specifically in the communication of risks between CISOs and boards. This paper aims to address this gap by identifying cognitive biases and proposing how these biases influence communication and strategic decision-making in cybersecurity governance. By further examining their impact, we strive to uncover the mechanisms that contribute to underestimations or distortions in risk perception, which can compromise an organization{\textquoteright}s ability to respond effectively to cyber threats. This short paper provides three exemplary biases expected to influence communication and decision-making in cybersecurity governance. Following the initial results, we propose a series of interviews with CISOs to reveal the challenges they face when communicating cyber risks to boards, focusing on how biases influence the decisions regarding cybersecurity risks.",

author = "Gulet Barre and Tim Huygh and Nguyen, \{Dinh Khoi\} and Arno Nuijten",

year = "2025",

doi = "https://doi.org/ 10.18690/um.fov.4.2025.46 ",

language = "English",

series = "Bled eConference",

publisher = "University of Maribor Press",

pages = "737--744",

editor = "Andreja Pucihar and \{Kljajic Borstnar\}, Mirjana and Bons, \{Roger W.H.\} and Stasa Blatnik and Koen Smit and Marjeta Marolt and Matthias Glowatz",

booktitle = "38th Bled eConference: Empowering Transformation",

address = "Slovenia",

}

Barre, G , Huygh, T, Nguyen, DK & Nuijten, A 2025, Towards Understanding Cognitive Biases in Cybersecurity Governance. in A Pucihar, M Kljajic Borstnar, RWH Bons, S Blatnik, K Smit, M Marolt & M Glowatz (eds), 38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings. University of Maribor Press, Bled eConference, vol. 38, pp. 737-744. https://doi.org/ 10.18690/um.fov.4.2025.46

Towards Understanding Cognitive Biases in Cybersecurity Governance. / Barre, Gulet ; Huygh, Tim; Nguyen, Dinh Khoi et al.
38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings. ed. / Andreja Pucihar; Mirjana Kljajic Borstnar; Roger W.H. Bons; Stasa Blatnik; Koen Smit; Marjeta Marolt; Matthias Glowatz. University of Maribor Press, 2025. p. 737-744 (Bled eConference, Vol. 38).

Research output: Chapter in Book/Report/Conference proceeding › Conference Article in proceeding › Academic › peer-review

TY - GEN

T1 - Towards Understanding Cognitive Biases in Cybersecurity Governance

AU - Barre, Gulet

AU - Huygh, Tim

AU - Nguyen, Dinh Khoi

AU - Nuijten, Arno

PY - 2025

Y1 - 2025

N2 - Cognitive biases can influence the decision-making of board members and CISOs responsible for managing cyber risks. However, limited attention has been given to understanding how these biases affect cybersecurity governance, specifically in the communication of risks between CISOs and boards. This paper aims to address this gap by identifying cognitive biases and proposing how these biases influence communication and strategic decision-making in cybersecurity governance. By further examining their impact, we strive to uncover the mechanisms that contribute to underestimations or distortions in risk perception, which can compromise an organization’s ability to respond effectively to cyber threats. This short paper provides three exemplary biases expected to influence communication and decision-making in cybersecurity governance. Following the initial results, we propose a series of interviews with CISOs to reveal the challenges they face when communicating cyber risks to boards, focusing on how biases influence the decisions regarding cybersecurity risks.

AB - Cognitive biases can influence the decision-making of board members and CISOs responsible for managing cyber risks. However, limited attention has been given to understanding how these biases affect cybersecurity governance, specifically in the communication of risks between CISOs and boards. This paper aims to address this gap by identifying cognitive biases and proposing how these biases influence communication and strategic decision-making in cybersecurity governance. By further examining their impact, we strive to uncover the mechanisms that contribute to underestimations or distortions in risk perception, which can compromise an organization’s ability to respond effectively to cyber threats. This short paper provides three exemplary biases expected to influence communication and decision-making in cybersecurity governance. Following the initial results, we propose a series of interviews with CISOs to reveal the challenges they face when communicating cyber risks to boards, focusing on how biases influence the decisions regarding cybersecurity risks.

U2 - https://doi.org/ 10.18690/um.fov.4.2025.46

DO - https://doi.org/ 10.18690/um.fov.4.2025.46

M3 - Conference Article in proceeding

T3 - Bled eConference

SP - 737

EP - 744

BT - 38th Bled eConference: Empowering Transformation

A2 - Pucihar, Andreja

A2 - Kljajic Borstnar, Mirjana

A2 - Bons, Roger W.H.

A2 - Blatnik, Stasa

A2 - Smit, Koen

A2 - Marolt, Marjeta

A2 - Glowatz, Matthias

PB - University of Maribor Press

ER -

Barre G , Huygh T, Nguyen DK, Nuijten A. Towards Understanding Cognitive Biases in Cybersecurity Governance. In Pucihar A, Kljajic Borstnar M, Bons RWH, Blatnik S, Smit K, Marolt M, Glowatz M, editors, 38th Bled eConference: Empowering Transformation: Shaping Digital Futures for All: Conference Proceedings. University of Maribor Press. 2025. p. 737-744. (Bled eConference, Vol. 38). doi: https://doi.org/ 10.18690/um.fov.4.2025.46

Towards Understanding Cognitive Biases in Cybersecurity Governance

Abstract

Publication series

Access to Document

Fingerprint

Cite this