Most business budgets are based on past need and projected outcomes. But when it comes to cybersecurity, outcomes are hard to predict. What has happened in the past doesn’t necessarily inform the future. Not only that, looking ahead can be murky because of the unpredictability of threats.
In his Harvard Business Review article, Alex Blau writes about the psychology and biases that shape how business leaders think about cybersecurity–and some guidance for how to build a rational plan.