Skip to content

Time Frames and Risk Perception

I found myself reading the results of a survey today that had questions about risk perception, or more specifically, about how likely you perceive the Aztec_calendar_(Sunstone)realization of a particular threat to be in a particular time frame. The question made me wonder how much the specified time frame affects your perception of  the risk. Take the following questions as examples:

  • How likely are you to be hit by a car?
  • How likely are you to be hit by a car in the next 10 years?
  • How likely are you to be hit by a car in the next month?
  • How likely are you to be hit by a car today?

With the diminishing time frame, the perception of probability that a threat will be realized decreases. I feel like I’m much less likely to be hit by a car today than in the next 10 years. The same principle can be applied to information security risk. I feel like it’s much less likely I’ll be compromised today than sometime over the next 12 months.

Is that probability actually less? I suspect the answer is yes. At what point does the curve level out? I suspect that’s a much, much harder question to answer as it requires that you actually test the probability, and given the consistent failure of organizations to detect breaches, the results are unlikely to be reliable.

Post a Comment

Your email is never published nor shared. Required fields are marked *