Security, it’s all in the mind

The security mind games people play

According to Bruce Schneier, BT’s Chief Security Technology Officer, psychological factors are making it harder for businesses to assess risk objectively. And understanding the force and influence of our human nature leads to better business decision making.

Feeling versus reality

It’s easy to grasp the mathematics of risk. It’s sensible to weigh our home security risk against the local crime rate and our own investment in, and maintenance of, secure doors and windows. Yet day-to-day business security decisions continually fail to take account of our feelings – and the fact that they are often wildly removed from reality.

In a paper entitled The Psychology of Security, Bruce Schneier talks about why we get it wrong so often: why, for example, we are more afraid of flying than driving a car, even though around 2,500 times more people worldwide are killed in cars each year than in airplanes.

Re-thinking security

Schneier, a world-renowned expert on security, believes the explanation is psychological. The appropriate mechanisms in our brains, well adapted to conditions on the plains of East Africa in 100,000 BC, have not evolved quickly enough to cope with modern living. Schneier concludes that “we are not adept at making rational security trade-offs”.

It’s impossible to read Schneier’s account of the heuristics we use to assess risk, and the biases that influence our thinking, without a mental head slap and a nod of recognition. But what, if anything, does this mean for business? It reinforces the fact that the human element is often the weakest link, as the latest report into Malicious Code by BT INS shows. And it offers businesses a different way of thinking about the security decisions they have taken – or even a new rationale for the future.
