The Demise of the SecurEcons?
Now you are probably wondering what I am talking about when I use the word SecurEcon. Well it’s not a character from the latest Transformers film, although thinking about it I may offer it as a suggestion to Steven Spielberg. Instead it is a word that, I think, I have made up. Now we all used to neologisms but is this one too many?
In Nudge: Improving Decisions About Health, Wealth, and Happiness, Richard Thaler and Cass Sunstein make the distinction between “Econs,” those Mr Spock-like beings who make economic choices based purely on a logical basis without the failings of irrational “Humans,” with all their frailties. Humans can on occasion make decisions based on self-sacrifice, mood, hunger, lust and other transient factors, completely ignoring logic. This got me thinking about if we could extrapolate this into our world of risk and security: hence the birth of the SecurEcon.
SecurEcons are that breed of security professional / practitioner for whom total security is the ultimate goal. The need for security, perhaps defined as the protection of people, property and assets, both logical and physical has possibly never been higher, but does that mean we have to have security at all costs. The threats from organised crime, lone wolves, corporate and state sponsored espionage, hacktivists, anarchists and terrorists are enormous and varied and potentially they could be crippling.
We could potentially lock down our IT systems with 16 digit passwords that we change daily; we can have body scanners and explosive detectors at the entrance to every shopping mall; CCTV on every street corner and extend the proposed scope of the Draft Communication Data bill so that the content of every call, email or web search is monitored, but I think you will find very few people wanting that. The SecurEcon may point out that this may make certain aspects of our daily lives more secure and that it would be illogical not to secure something if we have the capacity to. The Human may this that this would be intolerable. I remember once commenting to the Head of Security at a major museum that his job would be relatively easy if it wasn’t for the many millions of visitors that walk through the door every year. The SecurEcon would say that if enhanced security can be delivered, possibly at lower cost by banning visitors to the museum, then it would seem sensible to ban visitors. The Human, may say that a museum that doesn’t allow visitors is just a storage facility.
A SecurEcon may favour a Police State where security can be guaranteed because everything is controlled Matrix-style. Some Humans want to overthrow the state, big corporations and any sort of control over our actions but this, for most people is equally unacceptable.
This isn’t to say that we do nothing. Certainly the government is taking this seriously, with no new Police cuts, increasing spending on defence equipment by £12bn to £178 billion over the next decade and recruiting 1,900 new officers at MI5, MI6 and GCHQ; an increase of 15%.
We all have a risk appetite (the amount and type of risk we are willing to accept whilst still being able to meet our objectives) so to use another sci-fi analogy, this time from Star Wars, what we need is some balance in the Force. In the same way that, for quite a considerable period, many of us have been preaching that security in the corporate world needs to be an integral part of a business, becoming a business enabler rather that a business preventer. So, National Security, although it needs to keep us safe as from the bad guys needs to enable us to live our lives as Humans and not SecurEcons.