Cognitive Biases

Cognitive Biases

• Cognitive Biases: These are tendencies to favor certain perspectives or outcomes based on past experiences, environment, and cognitive abilities. They can influence decisions and business outcomes in cybersecurity.

• Types of Cognitive Biases:

  • Availability Bias: Relying on immediate examples that come to mind. For instance, if recent news focuses on ransomware, analysts might overestimate its risk.

  • Confirmation Bias: Seeking information that confirms pre-existing beliefs while ignoring opposing data. This can lead to biased investigations.

  • Correlation is Not Causation: Assuming that because two events occur together, one causes the other. It's important to look for evidence of causation, not just correlation.

  • Anchoring Effect: Focusing too heavily on the first piece of information encountered. For example, an initial price point in negotiations can anchor further discussions.

  • Illusory Correlation: Perceiving a relationship between variables when none exists. The brain tends to find patterns even when there are none.

  • Framing Effect: Decisions are influenced by how information is presented. For example, emphasizing that "one in five companies never got their data back after a ransomware attack" can lead to buying expensive security tools for low-probability risks.