Risk and Digital Security: the perception versus reality and the cognitive biases of online protection

The feeling of security and our intrinsic perception of risk is an aspect that is both fundamental to our individuality, but also to how we make the inherent decisions necessary to further our own and others wellbeing, but security is just that, a ‘feeling'. Our sense of risk is calculated by a series of trade-offs, contributed by what we associate our individual sense of value to, and what could positively or negatively affect that wellbeing, whether financially, physically or mentally. Our sense of risk however, is plagued with cognitive and emotional biases; therefore our perception is rarely ever based on the reality, meaning that as a society we are inherently bad at efficiently making meaningful trade-offs. [Schneier, 2008] With this in mind, this is where digital security and identity directly counteracts with that of our natural affinity to associate value to our more tangible assets and possessions. Almost universally, individuals and businesses alike, do not associate the appropriate level of value, therefore do not perceive the risk to the data that we store, or that of the information that we actively disseminate out about ourselves. This is also contributed by our irreverence to categorising the internet and our digital footprint as a modern and impactful socio-technical institution. One of our cognitive biases, the availability heuristic, illustrates that we assign the probability of risk of an event or threat, based on how many examples we can bring to mind. [Sunstein, 2004; Schneier, 2008]We watch in the media that cybercrime and fraud is happening constantly, but only to the larger organisations, so when we associate risk, we naturally think that it will not happen to us as an individual or smaller business, because of those biased examples that we can summon to mind. The reality is that cybercrime and fraud is one of the most pervasive threats to multiple aspects of our wellbeing but sits perfectly just outside of our cognitive reasoning of risk.