Despite believing that we are excellent at calculating risk, history has shown that humans suck at making good risk trade-offs. This is evident in our driving records, gambling, and of course, the cybersecurity posture of our organizations. This talk will explore the phenomenon of risk biases including near-misses, loss aversion, and how we perceive threats. We will then look at how these biases affect our decision making as it relates to security to understand why people introduce vulnerabilities into their organizations and fail to address them in a timely manner.
Every minute that goes by, your unknown vulnerabilities leave you more exposed to cyber attacks.