Thinking about Security: The truth about dishonesty

Dan Ariely has done a great video on the impact of micro versus macro dishonesty. You can watch it here. The gist is that a large number of people being dishonest in a minor way has a greater impact than a small number of people undertaking major dishonest actions.

He tested 30,000 people. The results of the experiment found 12 “big” cheaters and 18,000 “small” cheaters. The impact of the big cheaters was around $150. The impact of the “small” cheaters was around $32,000.

This study shows something interesting, that the overall impact of small acts of dishonesty can be up to two orders of magnitude more than the overall impact of large acts of dishonesty – only because small acts of dishonesty are relatively common and large acts of dishonesty exceedingly rare.

Assuming this is true, it has consequences for the way we think about IT security. IT security is often about protecting against the “large acts of dishonesty”, often perpetrated by outsiders, rather than small acts of dishonesty perpetrated by insiders. If Ariely’s results hold, it may turn out that the impact of the small acts of dishonesty perpetrated by insiders vastly outweighs the impact of large acts of dishonesty perpetrated by outsiders. Because we aren’t that great at noticing the small acts, we tend to underestimate their collective overall impact.

Have a look at the video linked above. It is likely to change your thinking about security.


What's Hyperbole, Embellishment, and Systems Administration Blog?

IT pro Orin Thomas provides true tales, snafus, news, and urban legends for Microsoft Windows system administrators.


Orin Thomas

Orin Thomas is a contributing editor for Windows IT Pro and a Windows Security MVP. He has authored or coauthored more than thirty books for Microsoft Press, founded the Melbourne System Center,...