I will explore this in more detail in a later post or presentation, but I have just had a very engaging conversation regarding what we all lose when we think too much about security. My colleague was expounding the joy of sharing free wifi amongst his neighbours when of course I (in my role as the security chappy) immediately informed him of the number of cases of people being arrested because someone was downloading illegal content from their unsecured wifi connection (see http://bit.ly/yiy8QW as an example, albeit in the USA, although Google gives plenty of other examples), and confidently informed him that securing his wifi was the only sensible course of action.
His response was robust and convincing, and initially threw me off guard: “I would prefer to share my wifi amongst my community than to close it off against the tiny chance of it being abused”. He then summed it up in terms that really made sense to me: “I prefer to actively engage with these kinds of risks than to isolate myself from them and lose the multitude of benefits it brings me”. Initially I couldn’t accept this. Why on earth is someone willing to open themselves to these kinds of risks, where even the hint of wrongdoing can ruin a person’s life? Then I realized I deal with this in exactly the same way in my day job: risk acceptance.
Everybody’s attitude to risk is different. Indeed, every company and every senior management team has a different attitude to risk, and the line that is drawn between an acceptable and an unacceptable risk is a moveable feast, even within the same organisation. My colleague’s attitude is that of a risk-happy organisation, mine is that of a risk-averse organisation.
And to think, I had never considered myself risk averse until today!