The Pratfall Effect & Cybersecurity

Why you should wisely acknowledge your cybersecurity weaknesses

Do you think admitting a mistake makes you and your organization weaker? That’s most likely because you are not yet aware of the Pratfall effect.

Pratfall Effect and authenticity are powerful allies to improve the perception of your cyber organization

The Pratfall effect is an interesting ally in improving the perception of your cybersecurity organization.

What is it and how can it help you in cybersecurity?

The Pratfall Effect was first discovered by the psychologist Elliot Aronson in 1966. In a nutshell, he proved that a person considered successful and smart who commits a clumsy mistake and shows their flaws becomes even more likable than someone who does not admit their mistakes.

General marketing has been using this principle for years: people know brands can’t be perfect and exceptional at everything. When a brand is honest about its strengths and flaws, it adds an emotional touch and a taste of reality. It makes the brand more credible.

Some examples? Guinness was very slow to pour at the bar. So instead of altering the product, the Guinness marketing department used the Pratfall effect and created the famous slogan ‘Good things come to those who wait.’ You can find many comparable and interesting cases online about the VW Beetle or KFC (for further reading).

If it works for brand marketing, why wouldn’t it work for cybersecurity marketing?

Apply Pratfall to cybersecurity

Brands are not perfect and both your employees and your customers know that. Both groups are most likely aware that cybersecurity incidents will happen.

It might be obvious to your employees that an organization with no known security incident is either currently hacked or has security teams that might not be fully efficient. We fully agree that detailed statistics on Security Operations Center detection and response capability should be kept confidential. But why not communicate about selected incidents? A culture of complete secrecy in cybersecurity is counterproductive both within your organization and in your customers’ space.

Show your employees examples of what the SOC is catching.

Admit some virus infections that were mitigated. Talk about the root cause to raise their awareness. Provide them with an understanding of the organization’s flaws while showing how a robust operating model and constant improvement will make your organization stronger.

Depending on your industry, the same can apply to your customers. Showing authenticity on top of a robust cybersecurity operating model can only increase trust. It also has the potential to bring you closer together if they expect the same could happen to them and you can show how you solved the case.

BxC Take Away

Be authentic. Admitting to selected cybersecurity incidents while having a robust operating model will strengthen trust in your organization and support overall cybersecurity awareness.