Schneier on How to Sell Security

May 27th, 2008 | Tags:

An insightful essay from Bruce Schneier: How to Sell Security.

He discusses the tendency for people to subjectively evaluate risk and tend toward taking greater chances with losses:

When faced with a gain, about 85 percent of people chose the sure smaller gain over the risky larger gain. But when faced with a loss, about 70 percent chose the risky larger loss over the sure smaller loss.

This is from an experiment demonstrating Prospect Theory, which interestingly predicts that people will tend to take greater risks for higher-probability losses.

Bruce talks about how this leads to a problem in the selling of security features, where people are inclined—according to prospect theory—to be increasingly risk-taking as the security threat increases. One option, which is favored in certain areas of the industry, is to fuel fear, although this approach has obvious ethical issues, and I think ultimately, damages credibility and becomes effectively counterproductive. Rather:

The better solution is not to sell security directly, but to include it as part of a more general product or service. Your car comes with safety and security features built in; they’re not sold separately. Same with your house. And it should be the same with computers and networks. Vendors need to build security into the products and services that customers actually want.

Bingo.

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
    bodytext del.icio.us Facebook Google IndianPad Mixx Reddit StumbleUpon Slashdot E-mail this story to a friend! Print this article!
Comments are closed.