Gains, losses and unconscious calculations

13 September 2017

Our attitudes to loss make us vulnerable online. Here’s how we can nullify the risks – starting with a question. Which of these two generous offers would you rather take up? The first is £1000 in cash with no strings attached. The second is the chance to win £2000 – but only if a coin toss lands on heads. If it lands on tails, you get nothing. So it’s £1000 for sure or the chance to win £2000. Make your choice and remember it.

Next, which of these two losses would you prefer to suffer? The first is a £1000 loss, guaranteed. The second is the possibility of a £2000 loss – but only if a coin toss lands on heads. If it lands on tails, you lose nothing. Give up the £1000 willingly or take a chance. Which is it going to be?

Our inherent and illogical attitude to risk

If you’re anything like the average person, you’ll have played it safe in the first scenario and opted for the guaranteed £1000.

But in the second scenario, you’ll have changed your tactic entirely. Faced with a guaranteed loss, you’ll have been happy to gamble for the chance to lose nothing at all.

This isn’t foolproof but it does seem to be the way most of us are wired. When it comes to gains, we prefer to play it safe. But when it comes to losses, our desire to avoid loss is so strong that we’re happy to take risks to avoid a loss entirely.

Sadly, it’s a quirk that leaves us vulnerable to cyber attack.

Downloading from untrusted sources

Although the implications of the above for cyber security are numerous, perhaps the most obvious example is that of downloading programs from untrusted sources.

Those of us who are based in offices (and, indeed, many of those who aren’t) are reliant on a suite of applications to ensure we can do our jobs properly. We might need access to word processing software, data manipulation software, photo editing software and video conferencing software as standard – before even getting into specialist tools.

Much of the software we rely on is easy enough to download. But, of course, downloading anything from the internet comes with an element of risk.

Why we might jeopardise our cyber security

Consider an analyst who, while studying market trends, purchases a report from a research company. After the purchase, he realises he needs Adobe Acrobat Reader to read the PDF he’s just bought. It’s a program he doesn’t yet have. He faces a choice.

The analyst can accept the certain loss that comes with not downloading the software (both in a financial and practical sense). Or he can gamble and download the software.

The risks associated with downloading the software are small. It’s highly likely nothing bad will happen.

And that’s precisely why it sometimes does.

Losses are only half the story

It’s worth remembering that losses are only half of the story. The other half, of course, is what the analyst in the above example stands to gain.

If he decides not to download the software, he makes a loss – for sure. But he simultaneously maintains his cyber security. It’s a guaranteed loss for a guaranteed gain.

Multiple behavioural studies have shown people prefer potential large losses to smaller, guaranteed losses. The same studies have shown people prefer smaller, guaranteed gains to potential big gains.

But what happens when it’s guaranteed losses vs guaranteed gains?

Encouraging people to stay safe online

The simple answer to the above question could enhance the cyber defences of any organisation.

When faced with a traditional cost/benefit trade-off, we assign weights to both the costs and the benefits of each outcome to decide which we believe is the right course of action. Does overcoming a minor inconvenience justify potentially jeopardising customer data?

People answer the above question without thought every single day. And every day, people decide that, actually, they’re happy to take the risk.

Fortunately, increasing the benefits associated with staying safe online is all it really takes to ensure people avoid the risk entirely – and that’s exactly what the cyber security industry needs to start focusing on.

By increasing the benefits associated with staying safe online, cyber security professionals can prevent the everyday gambles most people unconsciously take.
