
The Public Cloud, Pigeons and Risk Management — Part 2


Cognitive Biases

Ian Farquhar, Advisory Technology Consultant for RSA, the Security Division of EMC

Many readers will be familiar with the concept of a cognitive bias.  A cognitive bias is an irrational decision made because of a “bias” or mental short cut.  Sam Curry has written on this subject previously, as it applies to multi-factor authentication.  It is theorized that cognitive biases may have once provided mental short cuts in certain high-risk situations, giving early humans a time advantage in survival situations.  Unfortunately, many of these biases have passed their “use by” date, and now cause irrational thinking and poor outcomes.

I specifically want to focus on the control bias, that being our tendency to under-estimate the risk when we perceive that we are in control of a situation, and over-estimate it when we perceive we are not in control.  This is sometimes also called the “illusion of control”.

The classical example is air travel.  Many people are afraid of air travel, imagining crashes and a fiery demise which would do ILM proud.  Yet most studies show that the chance of dying in an air crash is significantly lower than dying in a car, and the majority of people know this.[1]  In a car we have a higher perception of control, so we lower the perceived risk.  In flying, we rarely even glimpse the cockpit crew behind their locked door anymore, and so we feel very much out of control, even though the average pilot is so much better equipped to handle emergencies than the majority of us.[2]

I wonder if I, like the nervous air traveler, am suffering from a control bias? Let’s rationally look at the evidence in part three.

 

Ian Farquhar is an Advisory Technology Consultant for RSA, the Security Division of EMC.  In this role, he advises organizations throughout Australia and New Zealand in areas including information security, cryptography, compliance, privacy and data protection.  Ian also contributes to R&D at RSA in the area of hardware security.  Ian has over 20 years of experience working in the IT security industry.


[1] The actual risk comparison ratio heavily depends on the metric you choose to pivot around, and this is a controversial comparison with lobbies for both road and air industries regularly claiming foul.  For example, do you choose deaths per kilometre flown, or an individual’s chance of dying averaged across the whole population in a year, or limit the comparison to frequent fliers?  There are many possibilities.  One truly distressing metric is that following the Sept 11th attacks in 2001, it is estimated that 1,595 people were killed on US roads, because they chose to drive rather than fly.  The number who actually died in the flights on Sept 11th in the four aircraft hijacked was 265.  (Source: http://www.guardian.co.uk/world/2011/sep/05/september-11-road-deaths)

[2] For a very heartening example of this, listen to the interview with Captain Richard de Crespigny, pilot of the QANTAS Airbus A380 flying route QF32 on the 24th November 2010. QF32’s engine exploded and disintegrated, then punctured its wing and most of the control cabling just after take off from Changi Airport in Singapore. How the crew managed the risks of a critically damaged aircraft whose diagnostic systems were completely overwhelmed by the extent of the failure, and got the aircraft safely down without a single injury, is truly inspiring.  http://www.abc.net.au/local/stories/2012/07/26/3554128.htm
