Abstract
AbstractInstalling software updates is one of the most important security actions that people can take to protect their computer systems. However, people often delay installing updates. Why would people delay installation of security updates, knowing that these updates may reduce the risk of information loss from attacks? In a laboratory experiment, we studied how people learn to make update decisions from past experiences. In a simulated “work” environment, participants could defend against low probability and high impact losses, by installing a security update. The cost of updates was variable; participants could update immediately for a high cost or wait to update for free, risking increased exposure to attacks and losses. Thus, the optimal decision was to update immediately when the update was made available. The results from our experiment indicate people learn from experience to delay security updates. The cost of the update and individual risk preference both significantly predicted the tendency to delay the update; people with higher willingness to take risks may be more likely to neglect to update, keeping the status quo even when it may be sub-optimal. We discuss the implications of these findings for the design of interventions to reduce delays in update installations.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
