Regulatory Compliance – Holding Security Back or Forcing Us to Reassess Old Biases?
A recent survey conducted by IBM and Censuswide of the UK market explored some of the drivers for modernisation and revealed some interesting challenges that organisations currently face as more and more businesses expand their digital boundaries. The most interesting finding was that one of the drivers for modernisation (according to 28% of participants in the survey) was “Changing industry regulations”, whilst regulatory compliance was also perceived to be holding organisations back, with a whopping 44.8% agreeing with this point.
In a previous blog post, I talked about how regulation was, and indeed should be, driving change as well as the need for companies to get ahead of new rules. But whilst I champion thinking ahead about compliance, I do appreciate (having been actively working in IT security for many years now) that regulation is all too often seen as a force that has positive and negative impacts on security and IT operations in general, often simultaneously driving up standards whilst slowing down the adoption of new technologies.
Security and related controls are all too often seen as a barrier to fast and positive change in the world of business – indeed, I know many who think that everyday physical security checks at the airport, or on entering a building, are unnecessarily draconian. But I think such positions are often informed by several cognitive biases that are easy to fall into and are worth exploring in some detail, to see if we can at least understand why regulation can be seen as a two-headed beast.
Anchoring biases – how early exposure to requirements can bias us
Consider, for example, Anchoring Bias – the idea that we tend to rely too heavily on one piece of information when making decisions. For many, passwords are considered practical and
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Chris Hudson. Read the original post at: https://www.tripwire.com/state-of-security/regulatory-compliance/regulatory-compliance-holding-security-back-forcing-reassess-old-biases/

