Unconvinced? Here’s a demonstration.
Although it might not seem like it, people’s actions following 9/11 demonstrate just how likely it is you’re miscalculating your cyber risk.
Following the terrorist attacks of 9/11, people began to change their travel plans.
Not the destination that featured in their plans, but the method.
In an effort to avoid flying, an estimated 1.4 million Americans chose to drive to their destinations instead. But driving, as you may be aware, is far more risky than flying. In fact, Americans have an alarmingly high 1 in 114 chance of dying in a car crash compared to a 1 in 9,821 chance of meeting their end thanks to a flight.
Following 9/11, those that changed their travel method weighed up their options then put themselves and their families in significantly more danger. Because, as humans, we’re almost genetically coded to miscalculate risk.
Mental shortcuts vs rational judgement
When it comes to calculating risk, humans rarely attempt to analyse risk rationally. Instead, we typically guess at risks based on how we feel.
If the idea of a plane crash scares us more than the idea of a car crash, we’ll usually conclude that the former must be more risky – even when evidence suggests otherwise.
In years gone by, the mental shortcut (known today as a ‘heuristic’) was paramount to our survival. It helped our ancestors safely negotiate prehistoric savannahs, which explains why the trait stays with us today.
The trouble is, the trait is far from perfect. In all sorts of realms, it leads to us gambling.
And that’s no matter what the stakes might be.
Is it time we dropped the guesswork?
Our inability to accurately calculate risk has obvious implications for those of us in security. It’s our job to monitor and reduce cyber risk.
But, of course, even those of us in security aren’t computers. In the absence of a statistical calculation of cyber risk, we end up guessing.
There’s a chance we might overestimate our cyber risk. But successful cyber attacks are the exception rather than the rule and, knowing this, we’ll almost certainly trick ourselves into underestimating cyber risk as a result.
Yes, we’re experts, which means we’ve got more chance of guessing cyber risk accurately than those outside of security. But, given the stakes, and given the fact that the data revolution is unfolding around us, is there any real excuse for guessing to begin with?
How to accurately calculate your human cyber risk
When the team at CybSafe refer to our platform as the world’s first ‘truly intelligent security awareness, behaviour and culture solution that demonstrably reduces human cyber risk’, they’re not just words.
CybSafe leverages AI-machine learning to calculate a given organisation’s true human cyber risk. And then it goes a step further.
It uses what it learns to deploy security interventions designed to bring cyber risk down. Through a combination of measurement and intervention, CybSafe demonstrably reduces human cyber risk.
CISOs might not be computers. But CISOs have access to computers.
By pushing the right buttons, CISOs can now monitor and work towards reducing a statistically derived calculation of human cyber risk.
To see how CybSafe calculates cyber risk, book a demonstration here.