Bruce Schneier is one of the most educated authorities on Internet and digital securities - so I cannot pass up this chance to mention his recent essay on 'The Psychology of Security' where he makes good discussion on 'Risk Heuristics':
The first, and most common, area that can cause the feeling of security to diverge from the reality of security is the perception of risk. Security is a trade-off, and if we get the severity of the risk wrong, we're going to get the trade-off wrong. We can do this both ways, of course. We can underestimate some risks, like the risk of automobile accidents. Or we can overestimate some risks, like the risk of a stranger sneaking into our home at night and kidnapping our child. How we get the risk wrong--when we overestimate and when we underestimate--is governed by a few specific brain heuristics.