This paper reports on a study that examined the perceptions of computer users in regard to the risks to their organisation’s information systems (ISs). A total of 12 employees from a local government organisation were interviewed in accordance with the Repertory Grid Technique (RGT). These structured interviews elicited a total of 110 constructs which represented individual thoughts, beliefs and views pertaining to information security (InfoSec) risks. These constructs were hermeneutically allocated into 28 categories of risk perception and then analysed via Content Analysis and Principal Component Analysis (PCA) to identify perceptions of IS risks and to uncover the major situational factors that influence these perceptions. The findings indicate that the local government participants perceived that the most serious risk to their organisation’s ISs was that systems will become unusable or unavailable such that large costs would be incurred to restore services and to maintain productivity. The situational factor that had the most influence on this IS risk perception was the type of loss suffered.