The role of cognitive biases in anticipating and responding to cyberattacks

Arnela Ceric, Peter Holland

Research output: Contribution to journalArticlepeer-review

4 Citations (Scopus)


Purpose: The purpose of this paper is to explore the role of four cognitive biases, namely, selective perception, exposure to limited alternatives, adjustment and anchoring, and illusion of control in anticipating and responding to Distributed Denial of Service (DDoS) attacks.
Design/methodology/approach: The paper is based on exploratory case study research and secondary data on decision making in the Australian Bureau of Statistics (ABS) in regards to planning and managing DDoS attacks on Census day in 2016.
Findings: Cognitive biases limited the ABS's awareness of the eCensus system’s vulnerabilities, preparation for and management of DDoS attacks. Cyberattacks are on the increase, and managers should expect and be prepared to deal with them.
Research limitations/implications: Due to the sensitivity of the topic, it was not possible to interview relevant stakeholders. Analysis is based on high-quality secondary data that includes comprehensive government reports investigating the events on Census day.
Practical implications: Cyberattacks are inevitable and not an aberration. A checklist of actions is identified to help organisations avoid the failures revealed in our case study. Managers need to increase their awareness of cyberattacks, develop clear processes for dealing with them and increase the robustness of their decision-making processes relating to cybersecurity.
Originality/value: This we believe is the first major study of the DDoS attacks on the Australian census. DDoS is a security reality of the 21st century and this case study illustrates the significance of cognitive biases and their impact on developing effective decisions and conducting regular risk assessments in managing cyberattacks.
Original languageEnglish
Pages (from-to)171-188
Number of pages18
JournalInformation Technology and People
Issue number1
Early online date24 Sept 2018
Publication statusPublished - Jun 2019


Dive into the research topics of 'The role of cognitive biases in anticipating and responding to cyberattacks'. Together they form a unique fingerprint.

Cite this