A Nobel-Winning Solution to Cyber Security

Professor Richard Thaler this week collected a Nobel Prize for his insights into behavioral economics—the idea that, contrary to economic theory, humans are not rational actors when it comes to financial decisions, but can be nudged to make better choices. The most famous application of Thaler’s insight is a law that encourages firms to automatically enroll workers in 401K plans rather than require them to sign up. This simple nudge has dramatically increased the amount that tens of millions of Americans have saved for retirement.

When it comes to cyber-security, it’s clear firms like Equifax could have used a Thaler-style nudge to tighten up their sloppy IT practices. Recall that the Equifax debacle, one of the worst data breaches in history, arose because the company failed to update its software—and a big reason for this is that it lacked incentives to do so.

According to Megan Stiles, an attorney and cyber expert at Public Knowledge, the credit bureaus systemically under-invested in data protection because their short-term interest in profit took precedence over security.

