Do you let recent events affect your judgement when risk evaluating?
The events in our world of cyber get more and more attention from the media, broadcasting the incidents and their sizes.
We all seek this news in our attempt to learn from it to protect ourselves and our organizations, but besides being a source of information, these articles and news posts may affect us more than we know.
Availability bias is a cognitive bias that affects decision-making by relying on information that is easily accessible or easily remembered.
In our cyber realm, availability bias can significantly affect our work, leading us to overemphasize recent or easily remembered threats and to overlook less visible ones that matter just as much. This in turn affects our decision-making, our resource allocation, and the content of our security policies.
For example, high-profile cyber attacks may influence decisions when we allocate resources to address a specific threat that has gained attention in the media.
Or we may create our policies based on recent incidents instead of considering the broader spectrum of risks.
Our availability bias can also skew our incident response planning towards recent threats, leaving us vulnerable to other less apparent threats.
Communicating only the high-profile incidents to our management can distort their perception of the overall risk landscape and affect how they perceive the cybersecurity measures.
Another thing to remember is that, though exciting and eye-catching, using only recent incidents in training programs narrows the view of potential threats, leaving our employees unprepared for the diverse range of risks they face in their daily lives.
To reduce the impact of your availability bias when working in cybersecurity, you can:
- Conduct comprehensive risk assessments: Your risk assessments should consider many potential threats, including historical and emerging ones, rather than focusing only on the recent incidents in your memory.
- Use data-driven decision-making: Your decisions should be based on data analysis rather than being influenced by emotionally charged or recent events.
- Regularly update your risk assessments: Risk assessments should be reviewed and updated regularly to reflect the evolving threat landscape. Remember to keep the historical threats in there.
- Diversify your incident response planning: Your incident response plans should be created to cover a variety of potential scenarios, not just those that have recently occurred.
In short, you can make better decisions by being aware of your availability bias and actively correcting for it.
By looking at data rather than trusting your intuition, you can build a more resilient framework that addresses a broader spectrum of cybersecurity risks.