A new study by Forcepoint shows how the decisions of cybersecurity professionals can be influenced by six universal unconscious human biases. The author, Dr Margaret Cunningham, believes that “in cybersecurity, understanding and overcoming security-related perceptual and decision-making biases is critical, as biases impact resource allocation and threat analysis.”

The six biases that may influence cybersecurity decision making are:

• Aggregate bias (assuming that what is true for a population must be true for a sub-group or individual)
• Anchoring bias (relying too heavily on an initial piece of information when making subsequent decisions)
• Availability bias (believing that just because someone can easily recall examples of certain types of events, these are more likely to occur than other events)
• Confirmation bias (favoring information that confirms previous assumptions and initial biases)
• The framing effect (evaluating options based on how they are worded/framed)
• Fundamental attribution error (viewing other people’s failures or mistakes as part of their identity rather than the result of contextual or environmental influences)

Dr Cunningham argues that “building awareness of cognitive biases can help us move beyond biased decision making, and more importantly, help us avoid designing systems that perpetuate our own biases in technology.”

Read more: How human bias impacts cybersecurity decision making