Cybersecurity Regrets: I’ve had a few.... Je Ne Regrette

Abstract

James Baldwin says: “though we would like to live without regrets, and sometimes proudly insist that we have none, this is not really possible, if only because we are mortal”. The field of cybersecurity has its fair share of poor outcomes, some of which are bound to be due to regrettable actions. Similar to other negative emotions, such as fear and shame, it is likely that organisations are using anticipated regret as a behavioural control mechanism in the cybersecurity domain. We explore the nature and characteristics of cyber-related regrets, and the extent to which regret (both anticipated and experienced) influences future cybersecurity decisions. We derive a process model of regret and report on the way cybersecurity regrets occur, what their outcomes are, and how people experience them. We conclude with suggested directions for future research.