Abstract Vulnerabilities to online cyber-related crime are typically the result of poor decisions on the part of users. To date, research on risk-taking behavior applied to cyber-security situations has concentrated mainly on the risks that stem from active behavioral choices (e.g., opening an attachment from an unknown sender). However, risk may result from the failure to implement an action (e.g., not strengthening a password). These two types of risk have been differentiated and termed active- and passive-risk behaviors. We conducted two studies (Study 1 and Study 2) that examine how self-reported active- and passive-risk behaviors predict cyber-security behavioral intentions. In Study 3, we examine how active and passive risk relate to actual cyber-security behavior. The results show that cyber-security behavioral intentions and actual cyber behaviors are significantly correlated with self-reported individual differences in passive-risk behavior but not in active-risk behavior. We discuss the theoretical and practical implications of these findings.

中文翻译：

---

被动和非主动风险趋势预测网络安全行为

摘要 在线网络相关犯罪的漏洞通常是用户决策不当的结果。迄今为止，对应用于网络安全情况的冒险行为的研究主要集中在源于主动行为选择（例如，打开来自未知发件人的附件）的风险。然而，风险可能来自于未能执行某项操作（例如，未加强密码）。这两种类型的风险已被区分并称为主动风险行为和被动风险行为。我们进行了两项研究（研究 1 和研究 2），研究自我报告的主动和被动风险行为如何预测网络安全行为意图。在研究 3 中，我们研究了主动和被动风险与实际网络安全行为的关系。结果表明，网络安全行为意图和实际网络行为与自我报告的被动风险行为个体差异显着相关，但与主动风险行为无关。我们讨论了这些发现的理论和实践意义。