Are You Paying the Fear Tax?
Posted on Tue, Aug 24, 2010
The security industry is rife with instances where organizations take knee-jerk reactions to incidents and potential threats. Combine that with a general inability to measure the effectiveness of these reactions and you have a perfect recipe for fear-based decision making. So what is this fear costing your organization? Are you paying the “Fear Tax?”
The "Fear Tax" is an idea recently written about by Seth Godin on his blog. Seth believes we pay the Fear Tax “every time we spend time or money seeking reassurance. We pay it twice when the act of seeking that reassurance actually makes us more anxious, not less. We pay the tax when we cover our butt instead of doing the right thing, and we pay the tax when we take away someone's dignity because we're afraid.”
While he is mostly referring to the actions of government agencies and its use of tax payer money, he expands the idea to encompass decisions made by individuals and organizations. He makes a very strong point, one that is often expressed by leaders in the security industry, when he states: “We should quantify the tax. The government should publish how much of our money they're spending to create fear and then spending to (apparently) address fear. Corporations should add to their annual reports how much they spent just-in-case. Once we know how much it costs, we can figure out if it's worth it.”
Keep in mind that he’s not talking about risk-based decision making. Risk-based decision making weighs the cost or impact of a particular risk versus the cost of mitigating that risk. These decisions are based on measured and predicable information, not knee-jerk reactions or “just-in-case” thinking. The key here is to make rational decisions based on measured data. But how are you going to do that if you’re not actually measuring the impact your security activities are having on your organization?
During our Security Process Optimization analyses and reports, we often focus on the organization’s ability to measure their security department and activities as well as their impact on the organization. We even have particular tools designed specifically to help organizations do just that. We continually hear from industry thought leaders that metrics and analytics are the key to developing a best-in-class security department.
So why are so many organizations missing the boat? Why are so many paying the “Fear Tax?”