The Psychology of Security
February 8, 2007 7:10 pm Tech and Security
Here’s an interesting essay by Bruce Schneier discussing the psychology of security and how humans evaluate risk. It discusses many fascinating research studies regarding human decision making, and helps illuminate why people have a perception of security that is so different from the reality of security.
I found this to be an interesting summary of how we generally evaluate risk:
People exaggerate risks that are:
- Spectacular
- Rare
- Personified
- Beyond their control, or externally imposed
- Talked about
- Intentional or man-made
- Immediate
- Sudden
- Affecting them personally
- New and unfamiliar
- Uncertain
- Directed against their children
- Morally offensive
- Entirely without redeeming features
- Not like their current situation
People downplay risks that are:
- Pedestrian
- Common
- Anonymous
- More under their control, or taken willingly
- Not discussed
- Natural
- Long-term or diffuse
- Evolving slowly over time
- Affecting others
- Familiar
- Well understood
- Directed towards themselves
- Morally desirable
- Associated with some ancillary benefit
- Like their current situation
From the essay:
The truth is that we’re not hopelessly bad at making security trade-offs. We are very well adapted to dealing with the security environment endemic to hominids living in small family groups on the highland plains of East Africa. It’s just that the environment in New York in 2006 is different from Kenya circa 100,000 BC. And so our feeling of security diverges from the reality of security, and we get things wrong.
…
Why is it that, even if someone knows that automobiles kill 40,000 people each year in the U.S. alone and airplanes kill only hundreds world-wide, they are more afraid of airplanes than automobiles? Why is it that, when food poisoning kills 5,000 people per year and 9/11 terrorists killed 2,973 people in only one year, are we spending tens of billions per year on terrorism defense and almost never think about food poisoning?
And a great quote from psychologist Daniel Gilbert:
The brain is a beautifully engineered get-out-of-the-way machine that constantly scans the environment for things out of whose way it should right now get. That’s what brains did for several hundred million years—and then, just a few million years ago, the mammalian brain learned a new trick: to predict the timing and location of dangers before they actually happened.
Our ability to duck that which is not yet coming is one of the brain’s most stunning innovations, and we wouldn’t have dental floss or 401(k) plans without it. But this innovation is in the early stages of development. The application that allows us to respond to visible baseballs is ancient and reliable, but the add-on utility that allows us to respond to threats that loom in an unseen future is still in beta testing.

