Passive- and not active-risk tendencies predict cyber security behavior

Isabel Arend, Asaf Shabtai, Tali Idan, Ruty Keinan, Yoella Bereby-Meyer

Research output: Contribution to journal, Article, peer-review

12 Scopus citations


Vulnerabilities to online cyber-related crime are typically the result of poor decisions on the part of users. To date, research on risk-taking behavior applied to cyber-security situations has concentrated mainly on the risks that stem from active behavioral choices (e.g., opening an attachment from an unknown sender). However, risk may result from the failure to implement an action (e.g., not strengthening a password). These two types of risk have been differentiated and termed active- and passive-risk behaviors. We conducted two studies (Study 1 and Study 2) that examine how self-reported active- and passive-risk behaviors predict cyber-security behavioral intentions. In Study 3, we examine how active and passive risk relate to actual cyber-security behavior. The results show that cyber-security behavioral intentions and actual cyber behaviors are significantly correlated with self-reported individual differences in passive-risk behavior but not in active-risk behavior. We discuss the theoretical and practical implications of these findings.

Original language: English
Article number: 101929
Journal: Computers and Security
State: Published - 1 Sep 2020


  • Cyber intentions
  • Cyber security
  • Passive risk
  • Risk behavior
  • Security

ASJC Scopus subject areas

  • General Computer Science
  • Law

