The Curse of Security Knowledge
Have you ever found yourself in a situation where you were trying to explain something to a group of people, but they couldn’t understand what you were saying?
This happens because of a cognitive bias called the “curse of knowledge,” which makes us assume that others share our background knowledge. This can be especially problematic in complex fields like cybersecurity.
Sometimes, we may unintentionally use technical language and forget that our primary audience comprises non-technical individuals. This can cause confusion and miscommunication, leading to a lack of understanding and potentially compromising security measures.
So, you must keep things simple and use plain language when explaining cybersecurity concepts.
Here are a few examples of the bias affecting us all:
- When discussing password security, it’s easy to forget to stress the importance of using strong, unique passwords. This is because we often assume that everyone already knows this essential information. Similarly, when communicating about cybersecurity threats or attack vectors, professionals might think their audience is already aware of the latest developments and not provide enough context or details in their message.
- It is also common for IT security professionals to use technical language when communicating potential security threats without contextualizing the risk’s real-world impact on individuals or organizations. This can create a lack of understanding among decision-makers, who may struggle to allocate resources effectively because they do not fully comprehend the potential consequences of a security threat.
To address this issue, it is essential to recognize that not everyone has the same level of expertise.
When explaining cybersecurity concepts to people who may not be familiar with technical terms, you must avoid using jargon and complex language.
Also, when communicating risks, it is essential to tailor your language to the knowledge level of your audience. This means looking at your user groups, identifying their risky behaviors, and addressing those behaviors in language suited to each group.
Using storytelling when describing risk scenarios is a simple trick that makes risk management more effective. Our brains love a good story; it helps capture your audience’s attention and improves their understanding of the risks involved.
You must also regularly update and educate users on cybersecurity risks and best practices. Please don’t assume that once a concept is communicated, it will be remembered indefinitely.
Remember that your co-workers may leave their positions, and new colleagues may not have heard your message.
The curse of knowledge affects us all and can pose significant risks to the organization if left unaddressed. However, many security awareness specialists already use frameworks to mitigate this issue. Have you implemented any such framework?
By addressing the curse of knowledge, we can improve the effectiveness of our communication and work towards creating a security culture that is essential for our organization’s safety.