Behavioral economics teaches us that we are more fearful of immediate losses than future gains. Conversely, we are also tend to choose immediate gains over protecting ourselves from future losses. Especially when the type of loss is too foreign to us or is ever changing.
We do have available to us a tool that doesn’t require a lot of tech to use but perhaps can do more to both enhance and protect our organization than any piece of software or hardware we might have: our imagination.
When things are changing, you can’t rely on static measures or processes designed to defend against what today’s threats. Because the use of technology as a business enabler is ever changing as is the nature of cyber threats, businesses need to take a dynamic approach to risk mitigation and transfer strategies and constantly imagine both the opportunities and the risks they may face tomorrow.
As a report from the UC Berkeley’s Center for Long-Term Cybersecurity and Booz Allen Hamilton states, “….failures of cyber defense in some cases — possibly the most important ones — [are] not necessarily a failure of operational rigor but equally or more so a failure of imagination.”
There are a number of tangible ways businesses can leverage the use of imagination in addressing the cyber risks that they may face. One is through an incidence response simulation. Get your team around a table. Imagine a ransomware event has occurred. What do you do? Do you pay the ransom? How long will your systems be down? How much business do you stand to lose? Brainstorm other scenarios, focusing on ones that could take you out. Risks that cause you to be shut down for an extended period of time or do irreparable harm to your ability to serve your customers or to your reputation.
Not only do these types of simulations help you be better prepared to respond if they occur, it also helps you better define what risks you might face and what defenses to build to mitigate those risks. This can therefore become the basis for your risk assessment (which, if you are simply focused on compliance you generally have to do anyway).
We often think of creativity when it comes to innovation and growth that are critical our long term success. In the ever-changing world of cyber threats, we need to be equally creative when it comes to imagining and addressing risks what are crucial for our long term viability.