A stage presentation on Information security had just begun when suddenly a technical glitch causes the whole power of the auditorium to shut down. The audience was left in pitch-dark, muddled and astounded amidst eerie silence. Much to everyone’s relief out of nowhere, the presenter then switched on his portable overhead projector to carry on with his presentation….

That event was staged, but it was thought-provoking and inspiring for me. Key takeaways – always have a backup plan and be cautious of “Optimism Bias”. The latter in simple terms means – the idea of living in a bubble where you feel overly confident that nothing can go wrong. To have a robust Information Security system it is not only the technology, policy or people that drive it but there are social aspects that are involved. The irony of the fact is that Optimism bias can be a motivating factor making CISO (Chief Information Security Officer) ambitious and have a positive mindset, but has implications that could be far more damaging. 

There is always an innate essence that drives us to be the best and unique from the rest. This is really good stuff to promote ourselves and the organization. However, on the downside, if for example, a CISO admits the risk and doubts on the information security system. Then most likely it would result in more serious ramifications like the questionable position of the risk management policy, skills of the resources and loss of reputation.

We always tend to overestimate the likelihood of positive events. Some of these optimism bias examples can be – “I am going to live for many years, I am going to encounter positive events (like a party, receiving gifts).” It is also in our natural behavior to underestimate the likelihood of negative events – “I could never get into a car accident, I could never get lung cancer even if I smoke, my chances of getting a divorce is minimal.” The normal human tendency is that we tend to be speculating confidently on cognitive factors. We over-speculate or under-speculate on something which we can’t measure. So it is quite likely that optimism bias has the potential to cloud our judgment. In the healthcare division, studies reveal that optimism has positive effects on health, reducing the stress and anxiety; and motivating the patients to eat healthily and exercise more (Sharot, T., 2011). But can this be applied in IT model??