A CISO exposed to critical analytics deficiencies during an intervention event may overlook data quality or behavioral issues in a new machine learning product thinking it will prevent similar incidents going forward. Even a positive support experience with insurance during a crisis may inversely promote a more comfortable relationship with the insurance provider that may limit the thinking of new coverage.
Cyber crisis experience is different from other crisis experience
Fortunately, recent research on cybersecurity events and professionals is shedding new light on the impact of cyber events on decision-making. A common view of the effects of a disaster sees psychological effects emanating from major events from those most affected to those most distant. The closer you get, in other words, the more self-centered and biased you become.
With online events, however, distance seems to work in reverse. Disaster responders are likely to see such episodes as unusual, full of different variables that we need to be wary of learning from. On the other hand, decision makers who are interested but not caught up in the crisis, are more likely to cling to real-world analogies – even if they are not related to cybersecurity – and learn lessons that may mislead them.
Source link