Fundamental attribution error

Published by admin on

Name of concept

Fundamental attribution error

Description

The fundamental attribution error suggests that people overestimate the influence of someone’s dispositions and personality in their behaviour, and underestimate the role, or even power, of the situation that people are in. This means that when people are confronted with unexpected behaviours from others, people tend to draw conclusions about what these people are like based on that behaviour, instead of assessing whether the specific situation they were in when they performed the behaviour might have played a role. For instance, when seeing a stranger at the train station who looks grumpy, people are more likely to assume that that is a grumpy person, rather than entertaining the idea that a late train might have caused this person to be grumpy only temporarily.

Application within the field of cybersecurity

The fundamental attribution error is a problem in cybersecurity in terms of perceptions of culpability. When an organisation becomes the victim of a cyberattack, people within the organisation, as well as the wider society, explains this in two ways: 1) the organisation must not have had its cybersecurity in order, otherwise this attack would not have happened, or 2) the end-user who caused the incident (e.g., by clicking on a phishing link) is so stupid, they caused this themselves. In addition, others usually look at these incidents thinking that they will not be as ‘stupid’ themselves. In reality, there are a multitude of environmental factors that play a role in cyberattacks. Some of these include bad luck, as a cybercriminal only needs one successful attack to gain access, while people defending the organisation and its systems need to be prepared for all eventualities. Others include the notion that end-users often have many responsibilities and might be under pressure to complete a deliverable before a tight deadline, resulting in less attention paid to warning signs of phishing emails. The fundamental attribution error can cause damage this way, as people might be seen as to blame for the insecure behaviour, rather than being met with empathy for the situation they found themselves in.

Download this page as a pdf-file:

Fundamental-attribution-errorDownload

Download slides about this topic that you can embed into your presentation / lecture:

Fundamental-attribution-errorDownload
Categories:

Related Posts

Meetings and Events

CySec4Psych Jam (21st and 22nd of August 2023)

Although we regretfully announce the postponement of the CySec4Psych Jam originally scheduled for August 21st and 22nd, 2023, we are pleased to have had the opportunity to plan such an event and test if the Read more…

Meetings and Events

CySec4Psych Summer School in The Hague (3rd – 7th of July 2023)

The CySec4Psych Summer School in The Hague, hosted by Leiden University, proved to be a successful event. It brought together a diverse group of attendees, allowing them to explore the intersection of cybersecurity and psychology Read more…

Meetings and Events

CySec4Psych – Cybersecurity Beyond Computer Science (Multiplier Event 19th of June 2023)

On June 19, 2023, the Helmholtz Center for Information Security (CISPA) and the University of Saarland (UdS) collaborated to host a comprehensive event, “CySec4Psych – Cybersecurity Beyond Computer Science,” at Saarland’s University of Applied Sciences Read more…