Does this 1981 study provide the background to why IT Professionals, with an expert knowledge of cyber threats, still frequently become the victims of cyber attacks?
In 1981, the Sedish psychologist Ola Svenson was researching people’s assessment of their own individual abilities.
There had been speculation amongst the psychological community for some time that, actually, people tended to be inherently overconfident. Svenson devised a test to settle the matter once and for all.
Svenson interviewed a group of drivers from America and Sweden and asked them a single simple question:
How do you rate your driving ability in relation to the ability of all other drivers in this study?
Whilst the hypothesis was that most would overestimate their ability – the results were surprising..
An incredible 93% of American drivers and 69% of their Swedish counterparts believed themselves to be a better than average driver – a mathematical impossibility!
“In summary,” wrote Svenson when reporting the results, “there was a strong tendency to believe oneself as safer and more skilful than the average driver.”
Svenson’s study might well explain why IT professionals, with an expert knowledge of cyber threats, are still frequently victims of cyber attack.
Overconfidence leads to carelessness
Svenson’s findings have been replicated a great many times since the study was published. Time and time again, researchers have found people to overestimate their own abilities – in areas that now include teaching, entrepreneurship and (perhaps predictably) sex.
The ramifications of overconfidence, as you might expect, are overly-risky behaviour. Overconfidence has been cited as a chief driver of legal disputes, employee strikes, stock market bubbles and even war (I didn’t mention referendums..).
If overconfidence can bring about the deaths of millions of people, or bring about a stock market crash, can it also leave IT professionals vulnerable to cyber attacks? And if so, is there any way to help these staff overcome the bias?
Experts even more vulnerable
Without a specially designed and controlled experiment it is difficult to pinpoint overconfidence as a root cause of IT Professionals falling victim to cyber attack. Anecdotally though, false confidence might explain why IT Pro’s tend to drop their guard when away from the office. Academically, a study into overconfidence amongst experts gives further cause for concern.
The study, published in 2005, saw both experts (such as commentators and journalists) and non experts trying to predict the results of football matches during the 2002 FIFA world cup.
The experts were just as useless at predicting outcomes as the non-experts. The only difference was that the experts were all extremely confident in their ability to predict the outcome, the non-experts were not.
The study suggest simply being an expert increases this effect.
Combating overconfidence:- how IT professionals can protect themselves from enhanced risks
These studies into overconfidence serve as a useful reminder.
IT professionals, with an advanced awareness of cyber threats, can still be (and frequently are) victims of cyber attack. The risks to IT pros are enhanced even further due to how much cyber criminals stand to gain from targeting IT guys.
What can those working in the sector do to combat overconfidence?
In 2014 the leading researcher in the field, David Dunning was asked for his tips on overcoming overconfidence.
“Use confidence to put in the extra effort” Dunning advised. “Always be learning.”
Carbon Cloud and CybSafe help businesses to overcome the human risk to their Cyber Security plans. Contact us to find out how an intelligent cyber awareness platform can help your IT staff minimise the risks of a breach.
Read more here
Or lets have a chat