This work adds a new perspective to the stream of organizational IT security risk management literature, one that sheds light on the importance of IT security risk perceptions. Based on a large-scale empirical study of Cloud providers located in North America, the study reveals that in many cases, the providers’ decision makers significantly underestimate their services’ IT security risk exposure, which inhibits the implementation of necessary safeguarding measures. The work also demonstrates that even though the prevalence of IT security risk concerns in Cloud adoption is widely recognized, providers only pay very limited attention to the concerns expressed by customers, which not only causes serious disagreements with the customers but also considerably inhibits the adoption of the services. Contents Cloud Computing IT Security Risk Perception IT Security Risk Management Unrealistic Optimism Perceptual Incongruences Recommended Actions for Providers and Users Target Groups Information systems and computer science researchers and students Decision makers of Cloud provider and customer companies The Author Dr. André Loske received his doctorate at the chair of Information Systems Software Business & Information Management at the Technische Universität Darmstadt, Germany. His main research interests are organizational IT risk management and the perception of IT security risks.