Professional Environment Matters – National Characteristics of Information Security Overconfidence

Overconfidence leads employees to take unnecessary risks. In information security, however, risk-taking is not an advantage, as it makes people susceptible to security breaches and misjudges their ability to detect potential threats. Employees overestimating their information security capabilities can result in incidents with severe financial consequences for a company. While prior research has proven that individuals’ overconfidence differs depending on their nationality, the cause and extent remain unclear and even contradictory. In this paper, we analyze the impact of national individualism on overconfidence to understand and reduce it in information security. Our large-scale survey determines overestimation, overprecision, and overplacement of 3,776 employees in an internationally operating company. Furthermore, we find different levels of overconfidence between Western European countries and the United States. Our findings will help companies to better target measures against information security overconfidence.