How Does Bias Affect Your Security Function

Posted on February 19, 2025

Biases significantly impact our daily lives.

Both our conscious and subconscious brains heavily rely on them. 

Biases are mental shortcuts that help us process information at lightning speed. But in a world of perceived threats, political divisions, and a plethora of judgments to render, are we really better off using these convenient mental tools? And do some of our biases make us more inclined to pick up the tools in the first place?

Numerous shortcuts and automatic biases control our thinking and behaviour. 

Some of these mental shortcuts and biases help us perceive and process information more quickly and serve a useful function. However, they can also lead to distorted judgments and decisions when we are put to the test. We are not always as rational and as unbiased as we might think.

Biases, both conscious and subconscious, affect our daily lives in a significant way. 

Elimination of these biases is not practical; they are too deeply embedded in our brains for that. And anyway, some of them are useful. They are shortcuts in thinking that help us get through the day. But their usefulness does not eliminate a potential problem - what happens when a bias that was once useful becomes a mental roadblock to better decisions when we need them?

One of the most widespread biases in the area of security is overconfidence bias. This bias drives our tendency to overestimate our skills and understanding, which in turn leads to something that is almost the opposite of a secure state - a false sense of security.

In the organisational context, being overconfident can lead to poor decisions. 

Businesses may spend lavishly on high-tech security systems but be excessively certain that such "fence" technologies alone can protect them from hacks. Without a truly layered security strategy, even the most advanced technology can be made to fail, and it always does.

While overconfidence can result in complacency, optimism bias gives us an overly rosy view of the future, leading us to underestimate the probability of bad things happening. We have a strong tendency to picture a future in which everything turns out just fine.

Our security decision-making is strained even further by confirmation bias because it alters our perception of information. We tend to look for and favour the kinds of information that confirm what we already believe, downplaying or discarding evidence that says otherwise.

Complexity bias can lead us to favour detailed, intricate security solutions, even when straightforward, effective options are available. Like moths to a flame, we gravitate toward complex systems with many features, all but believing that anything simple can't be nearly as secure. And yet, as our forays into the world of management and maintenance of security systems reveal, overly complex systems can and do make us more insecure by increasing the number of opportunities for errors, bugs and flaws.

In the domain of security, where communication and understanding must be clear, the curse of knowledge can have serious results.

The "curse of knowledge" is a cognitive bias that causes individuals who are well-informed about a particular subject to erroneously believe that others are equally knowledgeable. In other words, it's an inability to imagine not knowing something you already know.

Our cognitive bias makes us favour complex solutions over simple ones, even when the simple ones are more effective. We tend to like things that are fancy or seem high-tech, and we tend to shun things that are plain or seem low-tech. And even when we find ourselves making a simple solution, we often dress it up in complex justifications and rationales.
