Risk Perception, Trust and Credibility

1
Risk Perception, Trust and Credibility

• Cmpe 471-03
• fall 2001

2
SECURITY

• SCOPE
• Analyse security from a social sciences point of
  view rather than technical
• Security is a cost that has to be justified
• Perception of risks determine the level of
  security that needs to be implemented

3
SECURITY

• debate on companies should understand how much
  security is needed before designing bulky
  security systems especially in internet
  applications
• understand how risks are perceived by different
  stakeholders namely customers
• understand the factors that contribute to forming
  and changing risk perception.

4
RISK

• Possibility of suffering harm or loss, a factor,
  course or element involving uncertain danger

5
OPPORTUNITY THREAT
6
THEORETICAL FRAMEWORK

• Important parameter in designing security systems
  is the COST
• RISK ASSESSMENT
• Risk perception
• psychological theory of risk how the general
  public reacts to uncertainities of danger, and
  how this general reaction affects individual
  behaviour.
• cultural theory of risk Risk perception differs
  depending on the social group belief system an
  individual belongs to (Douglas 1970)

7
Reacting to Threats
THREAT
RESPONSE
communication
RISK PERCEPTION
Passive Reaction
8
Reacting to Threats
RISK MANAGEMENT
External danger
RISK PERCEPTION
Organisation Structure
Shared Meaning and Trust
9
CULTURAL THEORY

• When we try to think of the individual in a
  social context, we normally think of the
  corporate group or groups to which they belong.
• Individuals also have constraining
  classifications within the group hierarchy,
  kinship, race, gender, age...

10
CULTURAL THEORY
Four types of social environment and cultural
biases (Douglas 1970)
Fatalists
Hierarchists
B
C
Grid (Individual)
Individualist
Egalitarians
A
D
Group (Social incorporation)
11
CULTURAL THEORY

• A competitive, control people, autonomy see
  risks with opportunities
• B no voluntary risk taking, but accept it as a
  given, no personal autonomy
• C group is emphasised division of labour,
  specialisation, segregation of duties. Take risks
  iff it is approved by experts hierarchical
  authority
• D members get their support from the group no
  formal delegation. The group dissolves in the
  absence of strong leadership

Fatalists
Hierarchists
B
C
individual
Individualist
Egalitarians
A
D
group
12
CULTURE AND RISK

• Risk behaviour is a function of how human beings,
  individually and in groups, perceive their place
  in the world.
• It is important to understand the role of culture
  in stakeholder interaction in order to understand
  cultural biases in risk perception.

13
STAKEHOLDER MODEL

• Stakeholders
• Users information user
• Suppliers information provider and systems
  developer
• Others systems manager
• Each stakeholder group has a differing
  perceptions of same risk.
• Stakeholders can be grouped within themselves
  depending on the social groups they belong to
  rather than roles they assume.

14
STAKEHOLDER MODEL
Links stakeholder model with the cultural theory
15
STAKEHOLDER MODEL

• Individuals have different cultural biases and
  have different perceptions of risk
• computer privacy and security rules are different
  in different countries
• Singapore, Japan, US, Canada
• Grouping stakeholders is not enough for designing
  IS.

16
RISK COMMUNICATION

• It is important to know the cultural backgrounds
  of the stakeholders
• how they perceive risks
• how they communicate risks
• risk communication theory
• risk communication model

17
RISK COMMUNICATION

• Past
• risk communication as one way to general public
  from government
• efforts to improve risk communication
• to get the message across by describing the
  magnitude and balance of the attendant costs and
  benefits

18
RISK COMMUNICATION

• The costs and benefits are equally distributed
  across a society
• People do not agree about which events or actions
  do the most harm or which benefits are more worth
  seeking.

19
RISK COMMUNICATION

• US National Research Counsil (1989)
• Risk communication is an interactive process of
  exchange of information and opinion among
  individuals, groups and institutions. It involves
  multiple messages about the nature of the risk
  and other messages, not strictly about risk, that
  express concerns, opinions and reactions to risk
  messages or to legal and institutional
  arrangements for risk management.

Top-down definition of risk
20
RISK COMMUNICATION

• Risk Communication
• risks posed to stakeholders on the web are
  technological hazards
• classical risk communication model
• sources
• transmitters
• receivers

Certain aspects of risks are intensified or
attenuated
21
CULTURE
Risk Event
Transmitters Media Institutions/Agencies Inte
rest Groups Opinion Leaders
Two-way interaction
Sources Scientists Agencies Interest
Groups Eyewitnesses
Portrayal of Event with symbols, signals and
images by the Sources
Receivers General Public Affected
Organisations/Institutions Social
Groups Other target audience
feedback
22
Initial Information
HEAR
CULTURE SOCIAL FASHION PERSONAL VALUES RELATED
ATTITUDES INFLUENCES
Appeal
Do not Appeal
UNDERSTAND
BELIEVE
New Information
PERSONALIZE
RESPOND
23
Communication

• The recipient hears the information and then
  screens it based on social fashion, personal
  values, attitudes under the influence from peer
  groups
• cultural forces before understanding the message
• Believing involves acceptance that the
  understanding is correct
• the risk is real
• Personalisation
• the risk event will affect the receiver
• Response
• decision to take action for protection from risk

24
Communication

• Credibility of information sources and
  transmitters is a key issue in risk communication

25
TRUST AND CONFIDENCE VS CREDIBILITY

• Trust is an important ingredient in any trade
  transaction
• Trust acts as the mitigating factor for the risks
  assumed by one party on the party in the trade
• As trust increases the risks either reduce or
  become manageable by the trusting party
• Existence of trust also reduces the transaction
  cost in a trade

26
TRUST
For effective communication of risks it is
critically important that receivers place trust
on the sources and transmitters (Lee 1986)
Five levels of trust analysis framework
27
INSTITUTIONAL CREDIBILITY

• Confidence in business and economic organisations
  depends on the perceived quality of their
  services, but also on the employment situation,
  the perception of power monopolies in business,
  the observation of allegedly unethical behaviour
  and the confidence in other institutions
• Confidence in political institutions depends on
  their performance record and openness, but in
  addition on the perception of a political crisis,
  the belief that the government is treating
  everyone fair and equally, the belief in
  functioning of checks and balances, the
  perception of hidden agendas, and the confidence
  in other institutions

28
INSTITUTIONAL CREDIBILITY

• The more educated people are, the more they
  express confidence in the system, but the more
  they are also disappointed about the performance
  of the people representing the system
• Political conservatism correlates positively with
  confidence in business and negatively with
  government and public service

29
INSTITUTIONAL CREDIBILITY

• The social climate pre-sets the conditions under
  which an institution has to operate to gain and
  maintain trust
• in a positive climate people invest more in trust
  institutions
• in a negative climate people tend to caution and
  seek to have more control

30
Risk Perception, Trust and Credibility

• Hypothesis
• once trust and credibility exist in a
  relationship among the stakeholders during risk
  communication, stakeholders do not get involved
  in the analysis of risk factors individually, and
• information systems security becomes less
  important to people when dealing with a
  trustworthy and credible institution.

31
Risk Perception, Trust and Credibility

• Personality of the communicator with attributes
  of ability and integrity are also important in
  establishing trust.
• Overall message, communicator, institution, and
  the social context are the major factors in
  establishing trust within an organisation.

32
Risk Perception, Trust and Credibility

• Inferential analysis
• inverse correlation between trust and security on
  the internet
• the higher the trust placed on an organisation
  the lower was the security concern.