While countries like Singapore, Oman, United Stated have been steadfast in adopting best cybersecurity practices, several non-profit organizations, companies, and governments are yet to implement the required level of cybersecurity. There has been a constant increase in data breaches and security incidents, and firms should continue to invest more in cybersecurity in the coming years.
An excerpt from Harvard reads, “In the case of cybersecurity, some decision makers use the wrong mental models to help them determine how much investment is necessary and where to invest. For example, they may think about cyber defense as a fortification process. If you build strong firewalls, with well-manned turrets, you’ll be able to see the attacker from a mile away.”
The decision makers also fail to take into consideration the counterfactual thinking. They treat cybersecurity as a temporary issue which can be solved, rather than an ongoing process with never ending possibilities. Hence, cybersecurity efforts should be focused on risk management and not risk mitigation.