This work adds a new perspective to the stream of organizational IT security risk management literature, one that sheds light on the importance of IT security risk perceptions. Based on a large-scale empirical study of Cloud providers located in North America, the study reveals that in many cases, the providers’ decision makers significantly underestimate their services’ IT security risk ex…