www.AmericanSecurityToday.com September 2020 - Edition
The
outcome of
the
framing effect in the
cybersecurity
industry
is that decision-makers
may choose overkill
solutions that address
specific, low-probabili-
ty risks.
While
all-or-nothing
security may seem like
a sure thing, and a way
to avoid risks, bloated solutions can
negatively impact employees’ ability
to actually do their jobs.
People are their most resilient and cre-
ative when faced with barriers or se-
curity friction, , and imaginative security
workarounds to poorly selected securi-
ty solutions may end up being riskier
than the original perceived threat.
Minimizing bias
These biases are only a small sample
of how the cybersecurity industry is
shaped by human decision making.
To address the impact of cognitive bias,
we must focus on understanding peo-
ple and how people make decisions at
the individual and organizational lev-
el in the cybersecurity industry.
This means raising awareness of com-
mon cognitive biases across agencies
53