Informing security through Cultural Cognition: The influence of cultural bias on operational...

This article was downloaded by: [Edith Cowan University]On: 27 March 2013, At: 03:59Publisher: RoutledgeInforma Ltd Registered in England and Wales Registered Number: 1072954 Registeredoffice: Mortimer House, 37-41 Mortimer Street, London W1T 3JH, UK

Journal of Applied Security ResearchPublication details, including instructions for authors andsubscription information:http://www.tandfonline.com/loi/wasr20

Informing Security Through CulturalCognition: The Influence of Cultural Biason Operational SecurityMel Griffiths a & David J. Brooks aa SECAU, Edith Cowan University, Joondalup, AustraliaVersion of record first published: 28 Mar 2012.

To cite this article: Mel Griffiths & David J. Brooks (2012): Informing Security Through CulturalCognition: The Influence of Cultural Bias on Operational Security, Journal of Applied SecurityResearch, 7:2, 218-238

To link to this article: http://dx.doi.org/10.1080/19361610.2012.656256

PLEASE SCROLL DOWN FOR ARTICLE

Full terms and conditions of use: http://www.tandfonline.com/page/terms-and-conditions

This article may be used for research, teaching, and private study purposes. Anysubstantial or systematic reproduction, redistribution, reselling, loan, sub-licensing,systematic supply, or distribution in any form to anyone is expressly forbidden.

The publisher does not give any warranty express or implied or make any representationthat the contents will be complete or accurate or up to date. The accuracy of anyinstructions, formulae, and drug doses should be independently verified with primarysources. The publisher shall not be liable for any loss, actions, claims, proceedings,demand, or costs or damages whatsoever or howsoever caused arising directly orindirectly in connection with or arising out of the use of this material.

http://www.tandfonline.com/loi/wasr20

http://dx.doi.org/10.1080/19361610.2012.656256

http://www.tandfonline.com/page/terms-and-conditions

Journal of Applied Security Research, 7:218–238, 2012Copyright © Taylor & Francis Group, LLCISSN: 1936-1610 print / 1936-1629 onlineDOI: 10.1080/19361610.2012.656256

Informing Security ThroughCultural Cognition: The Influence of Cultural

Bias on Operational Security

MEL GRIFFITHSSECAU, Edith Cowan University, Joondalup, Australia

DAVID J. BROOKSSECAU, Edith Cowan University, Joondalup, Australia

Cultural bias will influence risk perceptions and may breed “se-curity complacency,” resulting in the decay of risk mitigation effi-cacy. Cultural Cognition theory provides a methodology to definehow people perceive risks in a grid/group typology. In this study,the cultural perceptions of Healthcare professionals to access con-trol measures were investigated. Collected data were analyzed forsignificant differences and presented on spatial maps. The resultsdemonstrated correlation between cultural worldviews and percep-tions of security risks, indicating that respondents had selected theirrisk perceptions according to their cultural adherence. Such under-standing leads to improved risk management and reduced decayof mitigation strategies.

KEYWORDS Risk management, perception, Cultural Cognition,mitigation, decay

INTRODUCTION

Security risk is an area where different perceptions of threat and risk can dra-matically influence the effectiveness and outcome of risk mitigation strate-gies. These strategies are often rendered less effective as a result of disagree-ment between groups as to what constitutes a risk and whether there is anyvalue in the employed mitigation. A poor understanding of the risk biaseswithin organizational cultures in the initial stages of risk management maylead to poor participation in the security effort and decay in the efficacy of

Address correspondence to Melvyn Griffiths, SECAU, Edith Cowan University, 270 Joon-dalup Drive, Joondalup, WA 6027, Australia. E-mail: [email protected]

218

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013

The Influence of Cultural Bias on Operational Security 219

security practices. The study was concerned with security and risk in a publicsetting, applied within public hospitals. According to Aldridge (2005, p. 1),hospitals are reluctant participants and their dichotomous open/restrictednature makes these facilities particularly susceptible to a variety of vulnera-bilities. Risk perception cultures that may be reluctant to participate fully inthe security effort create security problems (Mars & Frosdick, 1997, p. 118)and the “protection level of a medical care facility is directly related to theextent to which employees participate in the security effort” (Colling, 2001,p. 347).

Security incidents in hospitals is both under-reported (Luck, Jackson,& Usher, 2008) and occurring more frequently (Benveniste, Hibbert, &Runciman, 2005; Chapman & Styles, 2006; Kennedy, 2005; Sands, 2007).Nevertheless, much of the research into hospital security has been focusedon staff safety and physical assault, and the more fundamental issues oforganizational culture and risk perceptions have not received the same at-tention. For risk mitigation strategies to be effective they must have thesupport of most, if not all, of the participants in the security effort. Thedegree of participant commitment to mitigation strategies is influenced byhow the risks are perceived and may affect the performance of securitymeasures. There is therefore a need for a greater understanding of the im-pact that the risk perceptions of individuals have on security risk mitigationstrategies.

STUDY OBJECTIVES

This study assessed the utility of the Cultural Cognition methodology in a se-curity risk context by measuring competing worldviews and risk perceptionstowards entry and access control measures between various cohorts in ahealthcare environment. The outcome ascertained whether culturally biasedworldviews of participants influence security risk perceptions and the effi-cacy of risk mitigation strategies. The study proposed that if the cultural riskworldviews correlated with perceptions of access control risk proposed byCultural Cognition (Kahan, 2008, p. 4), this would indicate that the identifica-tion of cultural groups within an organization could assist in identifying moreeffective risk management strategies and reduced security decay. Thereforethis study addressed the research question: Do cultural risk worldviews cor-relate with perceptions of entry and access control risk proposed by CulturalCognition?

SECURITY AND RISK PERCEPTION

Security can be defined as a predictable environment “without disruptionor harm and without fear of disturbance or injury” (Fischer & Green, 2004,

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013

220 M. Griffiths and D. J. Brooks

p. 21). Public hospitals are large public spaces where entry and access controlsystems are increasingly becoming the primary means of security risk miti-gation (Aldridge, 2005, p. 2). Public spaces can be difficult to secure due toindistinct notions of ownership and access. Although a public hospital haslarge areas that could be termed public space according to this nomenclature,it is in reality a restricted public space with many areas having controlledaccess (Wakefield, 2003, p. 24). In order for a hospital to be a secure en-vironment that is “free from danger” (Craighead, 2003, p. 21) while at thesame time maintaining its core business objectives (Standards Australia, 2006,p. 11), the doors must remain open to recovery while being closed to ma-licious acts (Leahy & Michealman, 2003, p. 96). Entry and access controlsystems are comprised of the physical equipment and the processes usedfor managing authorization and regulating the levels of access of staff andvisitors to various areas within a facility (Craighead, 2003, p. 243). The effec-tiveness of entry and access control systems hinges on the cultural attitudesand risk perceptions of the system users.

Despite the notion that security risks are democratic in nature, beingthat “they affect all of us” (Hopkins, 2005, p. 139), they are not perceivedwith the same objectivity. Risk perceptions are “imperfect estimates of anobjective reality” (Hopkins, 2005, p. 113) and Kahan (2002) suggests thatrisks are perceived though “cognitively derivative of social norms” (p. 1297).If social norms encourage dismissal of legitimate security risks, this creates aculture of risk denial defined as a “denial of the likelihood that factors in theenvironment will create consequences despite those factors being perceivedand the risk being foreseeable” (Leivesley, cited in Hopkins, 2005, p. 61).The importance of risk management in the security context is summed byFischer and Green (2004), who state that “if security is not to be one-dimensional, piecemeal, reactive, or prepackaged, it must be based on anal-ysis of the total risk potential” (p. 129). In addition, Hopkins (2005) statesthat risk assessment is “built on the assumption that risk can be objectivelymeasured” (p. 115); however, Slovic (1999) asserts that risk has no externalexistence “independent of our minds and cultures” (p. 690) but is a usefulconstruct invented to aid survival. Objective assessments of risk are actu-ally “subjective and assumption-laden . . . dependent on judgement” (Slovic,1999, p. 690) and are “irrelevant to the individual who will act accordingto their personal qualitative risk estimates” (Hopkins, 2005, p. 117). Thus,if the concept of risk is so intangible and elusive, how then can a secureenvironment “free from danger” (Craighead, 2003, p. 21) be created andmaintained?

The perception of risk can be defined as beliefs, judgments, and attitudesthat are held individually and collectively (Kahan, 2002, p. 1297). There aretwo broad approaches to risk perception research; the Psychometric Theoryof risk or paradigm (Slovic, 1987; Starr, 1969) which “uses psychophys-ical scaling and multivariate analysis techniques to produce quantitative

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


representations . . . of risk attitudes and perceptions” (Slovic, 1987, p. 281);and the Cultural Theory of Risk originating from the work of Mary Douglas(1978), and Mary Douglas and Aaron Wildavsky (1982), which “links disputesover . . . risks to clusters of values that form competing cultural worldviews”(Kahan, Slovic, Braman, & Gastil, 2006, p. 17). The Cultural Theory of riskfeatures four worldviews, known variously as solidarities, myths of nature orways of life, which are defined by their position within the grid and grouptypology (Douglas & Wildavsky, 1982, p. 138). The characteristics of theworldviews are defined by their positions in the grid/group typology, beingeither high or low group (indicating degrees of binding to social groups),and either high or low grid (indicating degrees of socially defined circum-scription) (Thompson, Ellis, & Wildavsky, 1990). The four worldviews thatemerge from the grid/group typology are labeled Hierarchical, Individualist,Egalitarian, and Fatalist.

CULTURAL COGNITION AS A THEORETICAL FRAMEWORK

An aspect of social risk perception that has only been recognized rela-tively recently is the way the psychometric paradigm’s psychological pro-cesses “interact with cultural ways of life, generating individual differencesin risk perception between people who subscribe to competing worldviews”(Kahan, 2008, p. 10). According to Kahan et al. (2006, p. 18), the world-views of the Cultural Theory of Risk are not an alternative explanation tothe psychometric paradigm, but rather an integral part of the psychometricparadigm’s psychological explanations. Therefore, Cultural Cognition assertsthat the heuristics and mechanisms (mental models or schemata that simplifycognition) identified in psychometric risk research are steered by the culturalways of life identified in the Cultural Theory of Risk perception (Kahan et al.,2006, p. 18).

Cultural Cognition combines the Cultural Theory of Risk’s grid/grouptopology with the Psychometric paradigm’s two-axis spatial representa-tion approach, creating the two continuums of Hierarchy-Egalitarianism(high-low grid) and Individualism-Communitarianism (low-high group)(Kahan, 2008, p. 6). Similar to the Psychometric paradigm’s spatial rep-resentations of risk perceptions, cultural cognitive representations of riskperceptions are plotted as discrete points within the quadrants defined bythe intersecting grid/group axes. If an individual selects their risk percep-tions according to their cultural adherence, these points would be “signif-icantly correlated with how high or low a point that individual’s world-view occupies along the relevant worldview dimensions” (Kahan, 2008,p. 6).

Cultural Cognition risk perceptions may be plotted on a spatial map asdiscrete points within the quadrants defined by the intersecting grid/group

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


FIGURE 1 Cultural Cognition worldviews in relation to the Grid/Group typology (Kahan,2008, p. 6).

axes. Whether a particular quadrant represents skepticism or sensitivity torisk is dependent upon the way in which the risk perception is influencedby the cultural bias associated with the worldviews of that quadrant. Forexample, Egalitarians and Communitarians tend to square off against Hier-archists and Individualists in their perceptions of technological and environ-mental risks. However, the worldviews also tend to take opposite stanceson health risks and risks associated with social deviancy. Egalitarians viewsecurity controls as representing a threat to their sense of equity and arelikely to display a limited adherence to security procedures (Tsohou, Karyda,Kokolakis, & Kiountouzis, 2006, p. 209). Likewise, Individualists are re-luctant participants in the security effort due to a perception that securitycontrols are a restriction of individual freedom and will tend to bypass se-curity procedures (Tsohou et al., 2006, p. 209). According to Mars (1996,p. 4), Individualists are likely to promote their own short term self-interestover the benefit of the organization. Conversely, Hierarchists are likely tosee breaches of security controls as a threat to the established social orderand a challenge to authority (Tsohou et al., 2006, p. 209). Communitariansare likely to perceive security controls as a benefit to the collective, andbreaches of security as risking the wellbeing of the community for individualself-interest (Kahan et al., 2006, p. 22). The characteristics of the Cultural Cog-nition worldviews are defined by their positions in the grid/group typology(Figure 1).

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


METHODOLOGY

The study measured correlation between cultural biases and security riskperceptions relating to access control. Within a Western Australian publichospital three cohorts where measured, from three different wards withvarying access control requirements. The study’s methodology was devel-oped into a conceptual map (Figure 2), which details the approach used toaddress the posed research question.

Theory Supporting the Study

Cultural Cognition Theory’s two scale Grid/Group approach was used to assess

Cultural Bias.

Materials and Method

A research instrument was developed and a non-probability quota sampling of 47 respondents was attained. These were

then divided by cohort and Ward.

AN

ALY

SIS

Gri

d

Group

2 x Doctors1 15 x Nurses1 3 x PCA’s1



Cohort

War

d

ME

TH

OD

Analysis

The statistical analysis of the responses included Mann-Whitney, Wilcoxon

signed-rank tests and reliability analysis, before spatial mapping of the data.

Interpretation

Interpretation of the results revealed significant correlations between cultural

worldviews and security risk perceptions, the influence of organizational culture, and

the presence of “identity protective Cognition,” where participants adhere to the dominant worldview of self-defined

reference groups. IN

TE

RP

RE

TA

TIO

N

Research Question?

Hierarchist

Egalitarian

Communitarian Individualist

Hierarchical Individualist

Hierarchical Communitarian

Egalitarian Individualist

Egalitarian Communitarian

Gri

d

Group ?

TH

EO

RY

Grid

Group

Hierarchy

Individualism

Egalitarianism

Communitarianism

FIGURE 2 Conceptual map of the study’s methodology (Color figure available online).

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


Target Population and Sample

The target population of the study was 4,700 healthcare practitioners, con-sisting of staff from a major public Western Australian teaching hospital. Anonprobability sampling strategy was applied as there were insufficient num-bers of the target cohorts on each ward to achieve a statistically valid sample(Cohen, Manion, & Morrison, 2007, p. 113). However, as the sample neededto reflect the wider population in its proportional representation of variouscohorts, quota sampling was selected as the type of nonprobability samplingmethod for the study in order to “give weighting” (Cohen L. et al., 2007,p. 114) to the selected cohorts, reflecting the wider population. The totalnumber of doctors, nurses, and other health workers such as Patient CareAssistants (PCAs) working in Australian Hospitals was 185,364 (Australian In-stitute of Health and Welfare, 2009, p. 14) and of this figure, approximately74% were nurses, 15% were other health workers, and 11% were doctors(Australian Institute of Health and Welfare, 2009, p. 14). Given that the tar-get cohorts are represented by between 25 to 36 total staff members in atypical ward, a sample of 60 respondents were used.

Data Instrument

The data collection instrument was based on a questionnaire developed bythe Cultural Cognition Project (Kahan, 2008; Kahan, Braman, Slovic, et al.,2007) for the Cultural Cognition theory’s two-scale approach and includedmany of the same items, for example:

• “It seems like the criminals and welfare cheats get all the breaks, while theaverage citizen picks up the tab.”

• “Our society would be better off if the distribution of wealth was moreequal.”

• “People who are successful in business have a right to enjoy their wealthas they see fit.”

• “Government should put limits on the choices individuals can make sothey don’t get in the way of what’s good for society.”

Items from the original questionnaire that measured similar opinionswere removed and others that were deemed to be too strongly worded wererevised, resulting in eight of the 14 items from the Hierarchy-Egalitarian scaleand eight of the 12 Individualist-Communitarian scale items being retained.In addition to these questions, a further four questions (two for each scale)were developed, based on the cultural biases of each worldview towardssecurity access control.

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


In addition to questions from the survey instrument developed byKahan, Braman, Slovic, et al. (2007), four statements relating to entry andaccess control risk perceptions were also included. These statements weredesigned with each of the four Cultural Cognition groups in mind and in-cluded the following for the Hierarchy-Egalitarian scale:

• Hierarchist: “Those who do not follow security and access control proce-dures have a disregard for authority.”

• Egalitarian: “Everyone should follow security and access control proce-dures equally, regardless of rank or status.”

The following entry and access control questions were used for theIndividualist-Communitarian scale:

• Individualist: “Individuals should be able to make their own judgementson whether to follow security and access control procedures dependingon the situation.”

• Communitarian: “Management should put measures in place to ensurethat staff members follow security and access control procedures.”

It was intended that the mean scores of the two security questions oneach scale be measured and the results mapped onto a spatial representa-tion. These could then be compared with the mean scores of the CulturalCognition questions from each scale. This comparison allowed any correla-tion between cultural biases and security risk perceptions of a cohort to bedemonstrated by the clustering of risk perceptions around cultural world-views within the spatial map. If the mean responses of a particular cohortwere identified as being, on average, Hierarchical-Communitarian, then theresponses of that same cohort should be clustered near the discrete pointplotted for their worldview.

Data Collection and Analysis

The three wards had varying access control arrangements, although theyhad similar patient numbers and demographics. Participants in the studywere asked to rate their responses to the survey instrument by indicating therelative position of their opinion on a 10-point Likert scale (Figure 3). Themean worldviews were then measured onto spatial maps representing the

FIGURE 3 Likert scale used in the data collection instrument (Color figure available online).

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


two Cultural Cognition scales of Hierarchy-Egalitarianism and Individualist-Communitarianism. The mean Cultural Cognition worldviews were thenoverlayed with the mean risk perceptions towards access control on thespatial map.

It was reasoned that if the alpha coefficients calculated on the resultsof the study could approach the alpha scores of the Cultural Cognitioninstrument developed by Kahan (2008, p. 7). Correlation may provide evi-dence of replicability and indicate that it is indeed cultural worldviews thatare contributing to risk perceptions, and not extraneous variables, as wellas demonstrating that the results may be generalized to some degree. Thisoutcome would provide evidence of the instrument’s reliability, as well as in-ternal and external validity. The studies conducted by the Cultural CognitionProject (Yale Law School, 2009) have shown the two-scale survey instru-ment to yield an alpha coefficients of α = 0.89 for the Hierarchy-Egalitarianscale and α = 0.88 for the Individualist-Communitarian scale (Kahan, 2008,p. 7).

The data was tested for normality using a Shapiro-Wilk test, whichrevealed that the data from the Hierarchy-Egalitarian scale and theIndividualism-Communitarianism scale were both significantly nonnormal,although the amount of skew were small. Despite the sample size beinggreater than 30 respondents, there was significant Kurtosis for the Hierarchy-Egalitarian scale and the Individualism-Communitarianism scale, indicatingthat a t-test would not be robust to the violation of the assumption of nor-mality (Field, 2009, p. 139). As a result, nonparametric tests of statisticalsignificance were employed. The Mann-Whitney test was used to deter-mine whether there were any statistically significant differences betweenthe means of each group. The Wilcoxon signed-rank test was also used todetermine whether there was any statistically significant differences in theresponses of the three cohorts to the Cultural Cognition and access con-trol questions. In addition to these statistical tests, the mean responses weremapped onto spatial representations of Cultural Cognition’s grid/group ty-pology. It was determined that Kahan, Braman, Gastil, Slovic, and Mertz’s(2007, p. 477) approach of using the median score of each scale as thereference point for the X and Y axis was both logical and defensible. Asa result, mean responses were measured onto spatial maps using the me-dian scores of the data set from the Hierarchy-Egalitarian (Mdn = 5.0) andIndividualism-Communitarian (Mdn = 5.6) scales for the X and Y axis.

INTERPRETATIONS

The intended outcomes of the study were to determine whether the CulturalCognition methodology is a valid and reliable tool for empirically testingthe cultural theory of risk in a security context, as well as the relationship

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


between risk perceptions of entry and access control and cultural biaseswithin a healthcare environment. The findings which supported these out-comes included significant correlations between cultural worldviews andsecurity risk perceptions, the influence of social and organizational stratifica-tions on risk perceptions, and evidence of the identity-protective cognitionmechanism identified by Cultural Cognition theory.

The Wilcoxon signed-rank test demonstrated that, for all cohorts, therewas a significant correlation between cultural risk worldviews, and percep-tions of entry and access control risk, demonstrating that the cohorts hadselected their risk perceptions according to their cultural adherence. Thisfinding is supported by similar results in previous Cultural Cognition studies(Kahan, 2002; Kahan, Braman, Gastil, et al., 2007; Kahan, Braman, Slovic,et al., 2007; Kahan, Braman, Slovic, Gastil, & Cohen, 2008; Kahan, Slovic,et al., 2008). The results of the analysis also provided evidence that orga-nizational cultures influenced worldviews and risk perceptions, a findingalso supported by previous studies which have found that each mode ofsocial organization selects its own risk agenda as a method of expressingand reinforcing values (Douglas & Wildavsky, 1982; Kahan, 2007). The co-horts whose occupation gave them greater authority within the organizationexpressed perceptions of risk that were less risk averse and adhered less tosocially stratified ways of life. This opposed those cohorts with less organiza-tional authority, evidenced by overall differences in locations of the cohortson the “grid” (vertical) axis (Figure 4).

These differences in adherence to cultural worldviews were reflectedin the responses of the cohorts to entry and access control risk perceptionitems, indicating that the social and organizational stratifications that helpedto define cultural worldviews of the cohorts were in turn influencing secu-rity risk perceptions (Figure 4). This finding is supported by Bovens (1998,p. 121), who states that the greater an individual’s authority, the fewer in-hibitions they have in regards to their position within the organization. Itwas also demonstrated that those cohorts whose occupation gave them lessauthority within the organization, such as the PCA cohort, were generallylocated lower on the group axis (horizontal) than the nurse cohort, and thenurse cohort lower on than the doctor cohort, a finding which may also beascribed to differences in the occupations (Figure 5).

Separation may be explained by the fact that those cohorts with greaterorganizational authority also tend to have greater responsibility to the group.The “group” concept is defined in terms of “the claims it makes over itsconstituent members, the boundary it draws around them, the rights it conferson them to use its name and other protections” (Douglas, 1978, p. 8). Thisview suggests that the doctor cohort generally had a more distinct sense of“responsibility to group” compared to nurses and PCAs. Likewise, the nursecohort generally demonstrated a more distinct sense of “responsibility togroup” compared to the PCA cohort.

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


FIGURE 4 Mean worldviews of the three cohorts relative to the grid axis (Color figure avail-able online).

The locations of the security risk perceptions of the three cohorts alongthe grid axis were shown to be statistically similar to the measured culturalworldviews, indicating that security risk perceptions were also being influ-enced by the social stratification of occupation. There was also evidencethat cultural worldviews were influenced by the organizational stratificationof ward. The two closed wards (A and B) used entry and access controlmeasures for security and infection control respectively, and the open ward(C) used no entry and access control beyond securing pharmaceuticals. Itwas demonstrated that for each of the cohorts, the closed wards (A and B)occupied more Hierarchical positions compared to the open ward (C) intheir Cultural Cognition responses (Figure 6).

It was expected that a difference in the worldviews between open andclosed environments (Kahan et al., 2006; Tsohou et al., 2006, p. 209) orin this case wards, would be evident. The security risk perceptions of theclosed wards (A and B) were also demonstrated to generally occupy moreHierarchical (security sensitive) positions on the grid axis compared withthe open ward (C) (Figure 5). This outcome was not unexpected given thepresence of entry and access control measures on the closed wards; however,

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


FIGURE 5 Mean worldviews of the three cohorts relative to the group axis (Color figureavailable online).

there was evidence of a combined influence of occupation and ward securitymeasures on risk perceptions. Doctors were demonstrated to be the mostsecurity risk sensitive of the cohorts on closed wards (A and B), followed bynurses and PCAs. The only departure from this pattern was the unexpectedresult of the PCA cohort from Ward C, demonstrating a relatively high-group and high-grid security risk perceptions (Figure 5). The three wardshad similar patient demographics, yet Ward C was the only one withoutsome form of entry and access control. Therefore, it is conceivable that theWard C PCA cohort may have subscribed to more Hierarchical security riskperceptions than Wards A or B, due to a greater reliance on “fixed socialcharacteristics” (Kahan & Braman, 2005, p. 151) rather than technology toaugment ward security.

The Mann-Whitney test demonstrated that the worldviews of nursesand PCAs were significantly similar across all wards. However, the doctorcohort demonstrated a significant difference to the nurse cohort on WardB, and on Ward C, the doctor cohort demonstrated a significant differenceto both the nurse and PCA cohorts. According to Cultural Cognition theory,when individuals engage in deliberations over risks their individual biases

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


FIGURE 6 Location of the mean security risk perceptions of the three cohorts (Color figureavailable online).

are magnified and predominant risk perceptions emerge as the risk con-sensus, resulting in Identity-protective cognition (Kahan et al., 2006, p. 12).Cultural Cognition states that the mechanism of identity-protective cognitioncauses individuals to believe their perspective is the correct perspective andthat their resulting behavior is therefore “societally beneficial” (Kahan, 2008,p. 11), especially when such beliefs reinforce solidarity to a group. It is asubconscious motivation to “conform . . . perceptions of risk to ones that aredominant within . . . self-defining reference groups” (Kahan, 2008, p. 11).

Nurses and PCAs work closely and in a similar capacity to one anothercompared with doctors and it may be suggested that doctors are less likelythan PCAs to have their cultural worldviews polarize in the same way asnurses (Kahan & Braman, 2005, p. 154). Instead, doctors may be more likelyto form a separate dominant worldview within their own self-defined refer-ence group. Such separation is supported by the finding that although signifi-cant differences were observed between the mean worldviews of some of thedoctor, nurse, and PCA cohorts, the cultural worldviews of doctors, nursesand PCAs were significantly similar within their own cohorts overall, indicat-ing a tendency for the individuals surveyed to conform to worldviews thatare dominant within their own self-defined occupational reference groups(Kahan, 2008, p. 11).

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


The Cronbach’s alpha scores calculated for both the Hierarchy-Egalitarian scale (α = 0.52) and the Individualist-Communitarian scale (α =0.65) were reasoned to be relatively acceptable for two reasons. First, al-though the generally accepted value for alpha is often stated to be between0.70 and 0.80, values below 0.70 are not unexpected when dealing withpsychological constructs (Field, 2009, p. 675; Kline, 1999). Second, the valueof alpha is dependent on the number of items in the scale (Cortina, 1993).The research instrument used in this study relied on 10 items in each scale,whereas the original Cultural Cognition research instrument on which thestudy was based relied on 14 items for the Hierarchy-Egalitarian scale and15 items for the Individualism–Communitarianism scale. When these limita-tions were taken into account, it was reasoned that the alpha coefficientsprovided some evidence of replicability of results and indicated that it waslikely to be cultural worldviews that were influencing risk perceptions andnot extraneous variables. It also indicated that the results of the study may begeneralized, demonstrating the Cultural Cognition methodology’s reliabilityand validity.

RECOMMENDATIONS

This study has demonstrated that security risk perceptions are influencedby cultural worldviews, which are in turn influenced by social stratifica-tions. There are several issues associated with risk management and culturalbias that may directly benefit from the application of the Cultural Cogni-tion methodology, including the application of security risk management,understanding the decay of security through poor employee participation inthe security effort, the continuing effect of cultural bias on risk mitigationstrategies and the difficulties associated with communicating risk messagesto disparate cultural groups.

Benefit of Cultural Cognition in the Applicationof Security Risk Management

The study demonstrated that there was a high level of correlation betweencultural worldviews and security risk perceptions, indicating that the partic-ipants had selected their risk perceptions according to their cultural biases.Such cultural bias indicates that the identification of cultural groups withinan organization could assist in determining the potential for security decay,as well as helping to identify more effective risk management strategies. Theresults of the study also provided evidence that organizational cultures andsocial stratifications of the surveyed cohorts influenced their cultural world-views and risk perceptions. Cultural biases may adversely influence the ac-ceptance of risk messages, thereby exacerbating security risks. If the Cultural

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


Cognition methodology can be successfully applied to security risk man-agement issues, the mechanisms that the theory advocates may be used tomore successfully frame risk messages and potentially achieve a democraticrisk consensus among competing cultural worldviews. Such an approachwill lead to a decline in those aspects of security risk management that areaffected by cultural biases.

Understanding Security Decay

Security decay (Coole & Brooks, 2009; Coole & Brooks, 2011) is the gradualbreakdown in the systems approach towards security risk mitigation strate-gies. Decay is the result of disorder in the system’s individual parts whichresult in degradation in protecting against threats. Decay may occur as aresult of disorder of the parts by such factors as complacency, poor main-tenance, familiarity, and (paradoxically) feelings of security. Cultural biases(or worldviews) may influence the development of security decay throughvarious Cultural Cognition mechanisms that predispose and persuade indi-viduals to perceive risks in a way contrary to that which is ideal for effectiveoperational security. Truly successful risk mitigation strategies would resultin a consistently stable and predictable environment, with the system main-tained at its commissioned level; however, such an illusion of security hasthe paradoxical effect of breeding complacency among contributors to thesecurity effort and inevitably leads to the decay of risk mitigation strategies.This in turn increases the risk and creates a security risk cycle of threat,mitigation, security, and security decay. Some psychological processes iden-tified by Cultural Cognition Theory, such as identity-protective cognition,may feed into the decay of security mitigation strategies (Figure 7). Withinthe risk management framework as security decay increases, risk reductiondecreases and risk exposure increases.

FIGURE 7 The impact of cultural bias on the security risk cycle (Color figure availableonline).

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


The tendency of individuals to adhere to their beliefs despite discon-firming evidence (Cohen, Aronson, & Steele, 2000, p. 1151) is “bound upwith membership in various self-defining groups” (Kahan, Hoffman, & Bra-man, 2009, p. 15). When presented with information that contradicts theirbeliefs, individuals will tend to follow the cognitive path of least resistanceby assessing the issue in such a way that provides a desired level of confi-dence with minimal effort. In the case of identity-protective cognition, thispath involves a “group consensus implies correctness” heuristic that rein-forces identity and self-integrity supported by an important reference group(Giner-Sorolila & Chaiken, 1997, p. 84). Cohen, G. L. et al. (2007) suggestthat the relationship between group-derived identity and self-integrity differsdepending on situation and context, and thus an individual’s organizationalor professional identity “should contribute relatively more to their personalintegrity” (p. 415) in the relevant organizational context.

Nevertheless, such identity-protective heuristics cause resistance to in-formation that might alienate an individual from peers or reveal a “socialincompetence” (Kahan et al., 2009, p. 16) of an importance reference group,thereby forcing selective processing of information in order to reinforcegroup-derived identity and preserve self-integrity. This selective assimilationof information may impede the uptake of good security practice among par-ticipants in the security effort. These factors lead to complacency in mattersof security and a decay of risk mitigation effectiveness, resulting in overcom-pensation and further investment in mitigation strategies and perpetuatingthe security risk cycle of threat, mitigation, security risk management andsecurity decay. Therefore, an understanding of cultural-bias related risk is-sues should be built into risk management strategies in order to improverisk communication and employee participation in the security effort, and toreduce security decay.

Continuing Effect of Cultural Bias on Risk Mitigation Strategies

Cultural Cognition Theory may benefit security risk management by not onlyidentifying cultural biases but also by providing solutions, allowing the mit-igation of the potentially adverse effects of cultural bias. This study foundthat although some significant differences were observed between the meanworldviews of the various cohorts, overall cultural worldviews of doctors,nurses, and PCAs were significantly similar within their own cohorts. Theseclusters suggest that the different cohorts had formed dominant worldviewswithin their self-defined reference groups and had developed shared per-ceptions of risk via the identity-protective cognition mechanism identifiedby Cultural Cognition. Identity-protective cognition states that individualstend to believe their perspective is the correct perspective and that theirresulting behavior is therefore “societally beneficial” (Kahan, 2008, p. 11),especially when such beliefs reinforce solidarity to a group (Kahan, Braman,

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


Gastil, et al., 2007). The identity-protective cognition mechanism is under-pinned by the human evolutionary drive to “belong” to a group for the manybenefits such an association provides, leading to a subconscious motivationto “conform . . . perceptions of risk to ones that are dominant within . . .

self-defining reference groups” (Kahan, 2008, p. 11). By successfully iden-tifying such psychological mechanisms, targeted mitigation strategies basedon Cultural Cognition may be developed by exploiting other psychologicalmechanisms evidenced by the theory.

Cultural Cognition Theory describes a cognitive mechanism called“cultural-identity affirmation,” which posits that a self-affirming experiencewill cushion the threat that an individual would normally feel upon expo-sure to “information that challenges beliefs dominant within an importantreference group” (Kahan, 2008, p. 18). Cohen, G. L. et al. (2007) assert that“self-affirmation should increase people’s openness to information, ideas,and courses of action that conflict with a situationally salient identity” (p.416). The result of providing such an emotional buffer is a less negativelybiased reaction than would otherwise be elicited, and a likely modificationof existing preconceptions (Cohen, G. L. et al., 2007). The same result maybe obtained by framing risk information in a way that does not threaten thecultural bias, but rather affirms it (Kahan, 2008, p. 18; Kahan et al., 2006).Kahan (2008) states that if a risk skeptic is presented with a culturally af-firming solution to a risk, there is far less likelihood of a “cultural-identity-protective backlash” (Kahan, 2008, p. 19) where a cultural group may re-ject the presented risk as real or severe. Although there is no culture-free”worldview, there are ways to “disable or blunt culture’s heuristic influence”(Kahan, 2008, p. 21) and suppress cultural cues that disrupt the developmentof successful risk mitigation outcomes. By “debiasing” or “blunting” culturalbias, a broader, more uniform acceptance of risk mitigation strategies maybe achieved, resulting in greater participation in the security effort, reduc-ing security decay and providing greater returns on the risk managementinvestment (Figure 8).

Overcoming Difficulties with Communicating Risk Messages

Successful application of the Cultural Cognition methodology within a se-curity risk management context may provide risk communication strategiesthat will allow a cross-cultural risk consensus to be achieved among disparatecultural groups. Such an approach allows risk mitigation strategies to receivemore widespread support from the participants in the security effort. Such aview is supported by Beard and Brooks (2009), when they highlighted theimportance of the need to gain a common and clear understanding of riskswithin a group, that an individual’s assessment of a risk was often drivenby their own perceptions and that less important risks held a more commonview, whereas higher risk had a greater diversity of views.

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


FIGURE 8 The impact of Cultural Cognition Theory on the security risk cycle (Color figureavailable online).

FUTURE RESEARCH

Achieving a greater understanding of cultural-bias related risk issues requireslarger studies that overcome the limitations of this study. These further stud-ies could be performed across several general environments in order tovalidate these findings in a security context. Further research could thenbe performed to explore the potential security risk management and riskcommunication applications of the mechanisms identified by Cultural Cog-nition theory. Such research would provide an understanding of how mech-anisms such as identity-protective cognition, biased assimilation and grouppolarization that can exacerbate security issues might be overcome. Suchan approach structures risk communication messages in culturally credibleways that enhance more useful mechanisms such as cultural-identity affirma-tion, thereby reducing the feeling of threat experienced by individuals whenthey are exposed to information that “challenges beliefs dominant within animportant reference group” (Kahan, 2008, p. 18).

CONCLUSION

Within any organizational context, people’s view of danger and risk is depen-dent on their experiences, attitudes, and beliefs, creating culturally definedbiases which compete for dominance, potentially threatening the operationalsecurity effort. Different perceptions of threat and risk can dramatically influ-ence the effectiveness and outcome of risk mitigation strategies. This studyassessed the utility of the Cultural Cognition methodology in a security riskcontext by measuring competing worldviews and risk perceptions towardsentry and access control measures between various cohorts in a hospitalhealthcare environment. The study proposed that a correlation between

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


cultural biases and security risk perceptions relating to access control couldbe demonstrated by the clustering of risk perceptions and cultural world-views. The intended outcomes of the study were to determine whether theCultural Cognition methodology is a valid and reliable tool for empiricallytesting the cultural theory of risk in a security context.

This study found a significant correlation between cultural risk world-views and perceptions of entry and access control risk, demonstrating thatthe cohorts had selected their risk perceptions according to their culturaladherence. This study also demonstrated that security risk perceptions wereinfluenced by cultural worldviews, which were in turn influenced by socialstratifications. Cultural Cognition Theory may benefit security risk manage-ment by not only identifying cultural biases but also by providing solutionsallowing the mitigation of the potentially adverse effects of cultural bias. Asuccessful application of Cultural Cognition Theory to security risk manage-ment issues would allow the mechanisms that the theory advocates to beused to frame more successful risk messages. By “debiasing” or “blunting”cultural bias, a broader, more uniform acceptance of risk mitigation strategiesmay be achieved, resulting in greater participation in the security effort, re-ducing security decay and providing greater returns on the risk managementinvestment. Although there is no perception of risk that is free of some formof bias, the suppression of cultural cues that hamper successful risk mitiga-tion outcomes would allow participants in the security effort to be remindedthat when it comes to security, a good outcome is a good outcome for all.

REFERENCES

Aldridge, J. (2005). Hospital security: the past, the present, and the future. Re-trieved from http://www.securityinfowatch.com/article/article.jsp?siteSection=357&id=5719

Australian Institute of Health and Welfare. (2009). Health and community serviceslabour force. National Health Labour Force series number 42. Cat. no. HWL 43.Canberra, Australia: AIHW.

Beard, B., & Brooks, D. J. (2009). Consensual security risk assessment: Overcomingbias, conflicting interests and parochialism. Paper presented at the Proceedingsof the 2nd Australian Security and Intelligence Conference, Perth, Australia.

Benveniste, K. A., Hibbert, P. D., & Runciman, W. B. (2005). Violence in healthcare: The contribution of the Australian Patient Safety Foundation to incidentmonitoring and analysis. Medical Journal of Australia, 183(7), 348–351.

Bovens, M. A. P. (1998). The quest for responsibility: Accountbility and citizenshipin complex organisations. Cambridge, UK: Cambridge University Press.

Chapman, R., & Styles, I. (2006). An epidemic of abuse and violence: Nurse on thefront line.(Report). Accident and Emergency Nursing, 14(4), 245.

Cohen, G. L., Aronson, J., & Steele, C. M. (2000). When beliefs yield to evidence:Reducing biased evaluation by affirming the self. Personality and Social Psy-chology Bulletin, 26(9), 1151–1164. doi:10.1177/01461672002611011

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


Cohen, G. L., Sherman, D. K., Bastardi, A., Hsu, L., McGoey, M., & Ross, L.(2007). Bridging the partisan divide: Self-affirmation reduces ideological closed-mindedness and inflexibility in negotiation. Journal of Personality and SocialPsychology, 93(3), 415–430. doi:10.1037/0022-3514.93.3.415

Cohen, L., Manion, L., & Morrison, K. (2007). Research methods in education (6thed.). London, UK: Routledge.

Colling, R. (2001). Hospital and healthcare security. Oxford, UK: Butterworth-Heinemann.

Coole, M., & Brooks, D. J. (2009). Security Decay: An entropic approach to definitionand understanding. Paper presented at the Proceedings of the 2nd AustralianSecurity and Intelligence Conference, Perth, Australia.

Coole, M., & Brooks, D. J. (2011). Mapping the organizational relations within phys-ical security’s body of knowledge: A management heuristic of sound theoryand best practice. Proceedings of the 4th Australian Security and IntelligenceConference (pp. 38–46). Perth, Australia: Edith Cowan University.

Cortina, J. M. (1993). What is coefficient alpha? An examination of theory and appli-cations. Journal of Applied Psychology, 78, 98–104.

Craighead, G. (2003). High rise security and fire life safety (2nd ed.). Woburn, MA:Elsevier.

Douglas, M. (1978). Cultural bias. London, UK: Royal Anthropological Institute.Douglas, M., & Wildavsky, A. (1982). Risk and culture: An essay on the selection

of technical and environmental dangers. Berkeley, CA: University of CaliforniaPress.

Field, A. (2009). Discovering statistics using SPSS (3rd ed.). London, UK: Sage.Fischer, R. J., & Green, G. (2004). Introduction to security (7th ed.). Oxford, UK:

Elsevier.Giner-Sorolila, R., & Chaiken, S. (1997). Selective use of heuristic and systematic pro-

cessing under defense motivation. Personality and Social Psychology Bulletin,23(1), 84–97. doi:10.1177/0146167297231009

Hopkins, A. (2005). Safety, culture and risk: The organisational causes of disasters.Sydney, Australia: CCH Australia Limited.

Kahan, D. M. (2002). More statistics, less persuasion: A cultural theory of gun-riskperceptions. University of Pennsylvania Law Review, 151, 1291–1329.

Kahan, D. M. (2007). The cognitively illiberal state. Stanford Law Review, 60(115),101–140.

Kahan, D. M. (2008). Cultural cognition as a conception of the cultural theory ofrisk. Yale Law School, Public Law Working Paper No. 222. Retrieved fromhttp://ssrn.com/abstract=1123807

Kahan, D. M., & Braman, D. (2005). Cultural cognition and public policy. Yale Law& Policy Review, 24, 147–170.

Kahan, D. M., Braman, D., Gastil, J., Slovic, P., & Mertz, C. K. (2007). Culture andidentity-protective cognition: Explaining the White male effect in risk percep-tion. Journal of Empirical Legal Studies, 4(3), 465–505.

Kahan, D. M., Braman, D., Slovic, P., Gastil, J., & Cohen, G. L. (2007). The secondnational risk and culture study: Making sense of—and making progress in—theAmerican culture war of fact. Yale Law School, Public Law Working Paper No.222. Retrieved from http://ssrn.com/abstract=1017189

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013


Kahan, D. M., Braman, D., Slovic, P., Gastil, J., & Cohen, G. L. (2008). The future ofnanotechnology risk perceptions: An experimental investigation of two hypothe-ses. Harvard Law School Program on Risk Regulation Research Paper No. 08-24.Retrieved from http://ssrn.com/abstract=1089230

Kahan, D. M., Hoffman, D. A., & Braman, D. (2009). Whose eyes are you goingto believe? Scott v. Harris and the perils of cognitive illiberalism. Harvard LawReview, 122, 837–906.

Kahan, D. M., Slovic, P., Braman, D., & Gastil, J. (2006). Fear of democracy: A culturalevaluation of sunstein on risk. Harvard Law Review, 119(1017), 1083–1087.

Kahan, D. M., Slovic, P., Braman, D., Gastil, J., Cohen, G. L., & Kysar, D. A.(2008). Biased assimilation, polarization, and cultural credibility: An ex-perimental study of nanotechnology risk perceptions. Harvard Law SchoolProgram on Risk Regulation Research Paper No. 08-24. Retrieved fromhttp://ssrn.com/abstract=1090044

Kennedy, M. P. (2005). Violence in emergency departments: Underreported, uncon-strained, and unconscionable. Medical Journal of Australia, 183(7), 362–365.

Kline, P. (1999). The handbook of psychological testing (2nd ed.). London, UK:Routledge.

Leahy, R. F., & Michealman, B. S. (2003). Healing access control woes: Boston’sMassachusetts General Hospital finds a cure for its access control pains with anintegrated system. Security Management, 47(3), 88.

Luck, L., Jackson, D., & Usher, K. (2008). Innocent or culpable? Meanings thatemergency department nurses ascribe to individual acts of violence. Journal ofClinical Nursing, 17(8), 1071–1078.

Mars, G. (1996). Human factor failure and the comparative structure of jobs: The im-plications for risk management. Journal of Managerial Psychology, 11(3), 4–11.

Mars, G., & Frosdick, S. (1997). Operationalising the theory of cultural complexity: Apractical approach to risk perceptions and workplace behaviours. InternationalJournal of Risk Security and Crime Prevention, 2(2), 115–129.

Sands, N. (2007). An ABC approach to assessing the risk of violence at triage.Australasian Emergency Nursing Journal, 10(3), 107–109.

Slovic, P. (1987). Perception of risk. Science, 236(4799), 280.Slovic, P. (1999). Trust, emotion, sex, politics, and science: Surveying the risk-

assessment battlefield. Risk Analysis, 19(4), 689–701.Standards Australia. (2006). HB 167:2006 Security risk management. Canberra, Aus-

tralia: Standards Australia.Starr, C. (1969). Social benefit versus technological risk. Science, 165(3899),

1232–1238.Thompson, M., Ellis, R., & Wildavsky, A. (1990). Cultural theory. Boulder, CO:

Westview Press.Tsohou, A., Karyda, M., Kokolakis, S., & Kiountouzis, E. (2006). Formulating infor-

mation systems risk management strategies through cultural theory. InformationManagement and Computer Security, 14(3), 198–217.

Wakefield, A. (2003). Selling security: the private policing of public space. Devon,UK: Willan Publishing.

Yale Law School. (2009). The cultural cognition project. Retrieved from http://www.culturalcognition.net/

Dow

nloa

ded

by [

Edi

th C

owan

Uni

vers

ity]

at 0

3:59

27

Mar

ch 2

013

Informing security through Cultural Cognition: The influence of cultural bias on operational...

Documents

Transcript of Informing security through Cultural Cognition: The influence of cultural bias on operational...