Herd Behavior in Cybersecurity: The Good and The Bad

Cybersecurity professionals rightly worry about the state of our industry, suggesting that many of our practices don't work, that our interactions resemble speaking into an echo chamber, and that we spend too much time philosophizing about pointless topics. One way to make sense of what's going on is to consider whether the industry's dynamics resemble those of a herd—we might find that not all is bad, though there is room for worry.

A Benefit of a Herd: Increased Vigilance

In a paper on behavioral practices associated with threat detection, Eilam, Izhar and Mort highlight a survival benefit to animals that live as a herd or flock: "the larger the group, the lower the level of individual vigilance and the greater the sum of collective vigilance." Individual animals can spend more time eating rather than watching out for predators, even though the collective as a whole is safer.

In fact, not all members of the herd are equally attentive, which is one of the advantages of this social grouping. The researchers clarified that the individuals at the perimeter of herds are more vigilant than those in the center. As a result:

"Higher vigilance by certain individuals enables other individuals to reduce their vigilance" among social animals.

Dare I draw a parallel to participants of the information security industry?

Through online and in-person interactions we exhibit social herd-like characteristics. Through work, research and writing, some of us pay closer attention to threats, vulnerabilities and risks: This allows others to remain less vigilant without compromising the security of the collective. It seems like a good thing, even if some of the individuals discuss topics without immediate practical applicability.

A Downside of a Herd: Anxiety is Contagious

Eilam, Izhar and Mort point out that there is a characteristic of herds that might counterbalance the benefit of increased collective vigilance: Their research showed that vigilance, and thus anxiety, among social animals is contagious:

"Being among a group of vigilant, watchful and worried conspecifics might exert a contagious effect and, in consequence, other individuals may also become vigilant, watchful and worried."

This is why the "echo chamber" syndrome is undesirable: By rehashing the same topics among the same groups of individuals, we are infecting each other with anxiety that might be disproportionate to the actual risks.

This seems like a bad thing. To address this issue, we should probably:

  • Exercise caution when using FUD to market security
  • Try not to overestimate the repercussions of security breaches or the severity of threats
  • Avoid limiting our social interactions solely to members of the information security industry

Being part of the herd has its benefits, though it's not without problems. May we graze long and prosper.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more