Christian Howell ^1* David Maimon ² Caitlyn Muniz ³ Eden Kamar ^2* Tamar Berenblum ⁴

• ¹ University of South Florida, Tampa, Florida, United States
• ² Georgia State University, Atlanta, Georgia, United States
• ³ The University of Texas at El Paso, El Paso, Texas, United States
• ⁴ Hebrew University of Jerusalem, Jerusalem, Jerusalem, Israel

The effectiveness of human-centric cybersecurity relies on end-users' adherence to security and privacy behaviors. Understanding and predicting variations in the adoption of these behavioral safeguards is of both theoretical and practical importance. We argue that existing frameworks, largely borrowed from the health science literature, would benefit from integrating criminological constructs relevant to predicting online victimization patterns. This study introduces Paternoster and Pogarsky's (2009) rational choice theory of cognition, thoughtfully reflective decision making (TRDM), to the information security literature. TRDM posits that variation in cognitive decision-making capabilities predicts behavioral outcomes. In this context, thoughtfully reflective decision makers are hypothesized to adopt more robust security and privacy practices, thereby reducing their susceptibility to online victimization. Leveraging a field experiment, our study supports the theoretical model: TRDM is associated with increased engagement in privacy behaviors. Moreover, thoughtfully reflective decision makers are more likely to engage in computer security behaviors when warned of the implications of noncompliance. These findings challenge the prevailing one-size-fits-all approach to cybersecurity, contributing to the development of sophisticated risk assessment tools for mitigating vulnerabilities and reducing users' susceptibility to digital threats.