Cyber Incidents are rarely caused by technology flaws.
Browsing the news about critical vulnerabilities and zero-day exploits, on top of the often politically motivated statements about which vendor is a security risk to which nation, we might easily get the impression that technology and flaws in technology are the main cause of cyber incidents. There is however no data that supports this assumption. In fact, the available data shows the opposite. Technology itself is by far the smallest root cause of cyber-incidents.
The real issues leading to cyber incidents are caused by what we do with technology. As The Human Element in Cyber Security clearly documents, the largest root cause is even what we should do but aren’t doing to secure technology. Cyber Incidents are rarely caused by technology flaws. They are mainly caused by the people managing, configuring, and using technology.
Dr. ir Johannes Drooghaag