Cyber Security's Mass Delusion Effect

Cyber Security's mass delusion effect says that we can protect our data and critical infrastructure from attack as long as we buy the right product, spend the right amount of money, hire the right people and elect the right politicians. This delusion is propagated by journalists, academics, government officials, and the Cyber Industrial Complex, and it's believed by a majority of voters, consumers and vendors.


I suspect that our cyber security mass delusion, like all delusions, exists because the alternative isn't acceptable, or because there's no money to be made in selling anything less than a cure. The reality, however, is that the best anyone can do is find novel ways to (1) make a network increasingly difficult to attack and (2) absorb the effects of an attack with minimal damage.

Thanks to our worldwide embrace of all things digital, we are more fragile and vulnerable than ever before in spite of the billions of dollars spent on cyber security "solutions".

We need to accept that in a network-powered world, we will always be at risk.

We need to change our thinking and fund programs which help us become more resilient.

Most of all, we need to stop wasting time and money pursuing an illusion of security that will never, ever manifest.