Purpose This study aims to argue that in the case of quantitative security risk assessment, individuals do not estimate probabilities as a likelihood measure of event occurrence. Design/methodology/approach The study uses the most commonly used quantitative assessment approach, the annualized...