Perception Drives Action: How Security and Privacy are Perceived and What to Do About it

An old adage in IT security circles? goes like this: perception drives action. That means, the awareness of specific risks informs the actions that are undertaken to mitigate, avoid or ignore those risks.

We know that not all our users can be aware. We also know that those who can be aware sometimes are not.

The Perception of Risk and Value
We assume that the decision to use a service is based on the users’ risk perception and the users’ value perception of that service. For example, if it seems risky to use

(aka cost-benefit-ratio)

But how do we change that?
Marketing: Showing the customer the real value and risk

– X increases perceived value
– Telling people the car accident rates of self-driving cars decreases perceived risk

This is an example of Facebook value perception

If you tell people that Facebook sells data about young adults with suicidal intentions, the risk perception changes. That doesn’t mean they change their view, but they might incorporate it into their perception of the service.