Human perception affects cybersecurity, says study

Psychology and behavioural insights show human perception towards cybersecurity issues is regularly biased and problematic, according to Harvard Business Review.

The review states that cybersecurity managers often use incorrect mental models, such as buying wrong security programmes and firewalls, without thinking about cost implications.

“No matter how fortified a firm may be, hackers, much like water, will find the cracks in the wall,” stated the Harvard Business Review.

‘Reframe metrics for success’

Research and design firm ideas42 has been interviewing experts over the year to identify human behavioural challenges at the levels of executives, IT administrators, end users and engineers, and has used the research to create a novel called Deep Thought: A Cybersecurity Story.

“Our findings point to steps that security executives and other cybersecurity professionals can take to work around CEOs’ human biases and motivate decision makers to invest more in cyber infrastructure,” wrote ideas42 in Deep Thought: A Cybersecurity Story.

“Cybersecurity professionals should take into account people’s tendency to overweight information that portrays consequences vividly and tugs at their emotions. To leverage this affect bias, security professionals should explain cyber risk by using clear narratives that connect to risk areas that high level decision makers are familiar with and care deeply about,” it added.

According to ideas42, CISOs should work with boards and financial decision makers to reframe metrics for success in terms of the number of vulnerabilities that are found and fixed.

Similarly, the essay Regarding the Pain of Others by Susan Sontag says that “people concentrate on certain aspects of information in their environment while ignoring others; what a CEO chooses to invest in can be thought of in a similar light.”

“CEOs may push their teams to ramp up investment in cyber infrastructure to protect against external threats, but in doing so they may be inattentive to unwitting internal threats that may be just as costly,” she added.

Written from source by Leah Alger

Source: HBR
