What is the REAL risk in cyber risk?

Peter Cochrane worries whether a general news climate for FUD may make our online security difficulties worse in 2017

If ever people needed to understand and be able to cope with risk, it's now!

The common perception sees the turmoil of 2016 cascading into 2017 and people cite technological advancement, globalisation, immigration and population growth as the primary cause mechanisms. I'm not so sure, though! Having lived through a time of many regional wars, The ozone layer hole, global freezing, global warming, pandemics, the rise of global terrorism, and now the growing cyber security problem, I would say we have certainly broadened the risk spectrum significantly. But the actual numbers of people killed or harmed in some way has actually reduced significantly since WWII, and it might now be reaching a plateau! Counterintuitive? Perhaps! But this is fact over belief, hype and hysteria, and easy to check!

Perhaps the more fundamental problem is people's willingness to believe compounded by fundamental inability to assess risk. I have met and known statisticians and Professors of mathematics engaged in risk assessment who were anything between brilliant and totally confused. Whilst they had the statistical tools, they often overlook causality, or perhaps worse, the validity of their source materials. Curiously, they would often obsess over minor health issues in their family, but owned cars that were never serviced or cleaned that had bald tyres! What is it about risk that blindsides the intelligent and dumb alike ?

Our media has a lot to say on the topic, whilst being culpable for the spread of confusion. Remember the 'Contraceptive pill triples the risk of thrombosis' headlines of 2008-9? They caused a UK-wide panic, but turned out to be insignificant. We can't even state the threat of thrombosis with any confidence for the female population of child-bearing age. The best data I can find says it is somewhere between 2:10K, and 1:50K. So a 3x increase sees a risk somewhere between 6:10K and 6:50K. Not hugely significant, compared to the general tone of the messaging.

Another scurrilous risk, report and panic was 'MMR jab causes autism' in 2004. This turned out to be based on poor science, bad information, and perhaps a desire to find a desired result. It resulted in a 95 per cent drop in child immunisation in some communities with many unnecessary deaths and suffering, and public perception is still tainted and confused.

In the USA the terrorist threat is seen as big. But there are reportedly considerably more gun deaths through accidents, suicides, crime and police shootings! And so it is for the 'cyber threat', with users split into the naive, aware and the paranoid. This war front is evolving faster than any other, and 'everyone knows' Russia and China will be switching of the power grid soon - after all they are already watching and listening to every one of us as individuals!

The reality is that populations are not only faced with something they do not understand - it is changing faster than they can follow. The headlines are confusing at best and alarmist at worst, and it is all fuelled by the dubious content, scare-mongering and 'post-news' content of social media.

Will this change anytime soon? Not until risk assessment appears in the education curriculum, but even then many will continue to seek out and read only that agreeing with their biased world view!

Peter Cochrane OBE is an ex-CTO of BT who now acts as a consultant who focuses on solving problems and improving the world through the application of technology