This report presents the results of a study conducted to improve understanding of cyber security risk preferences by leveraging past research on public health risk preferences. Cyber security shares many similarities with public health—in cyberspace, the insecurity of individual Internet users that often permits distributed attacks to occur is analogous to populations of sick individuals that facilitate infectious diseases transmission due to poor public health practices. Because individuals’ insecure computers can be turned into bots that spread attack vulnerabilities, similar to an infectious disease epidemic, developing a baseline of individual risk perceptions will help to improve understanding of individuals’ view of risks to themselves and to society from cyber security threats.   

Building off of a public health framework, vaccines were identified as a prevention measure that has many similarities to antimalware software that is used to help prevent successful cyber threats.  To assess the public risk preferences for using antimalware software, a survey instrument was developed that leveraged public health research on individual perceptions of threats and related preventative measures.  Using this public health framework, the results and data analysis in this report focus on how experience with antimalware, exposure to malware, and general risk aversion might influence what costs and benefits most affect the utility that individuals derive from antimalware software. 

As in public health, such information can be used to inform both private companies developing cyber security products and services and government agencies designing policy and regulatory strategies for improving cyber security.