We are
really not made for grasping the concept of probabilities, especially not small
probabilities (this is well documented). This is especially problematic when it
comes to systematic security work were taking the right decision in relation to
small probabilities is the key to effective measures.
In security
analysis one has to identify the most important weak areas out of several, all with
low probability. This we’re not meant to be doing and if done unaided we’re
going to be making bad choices. Research show that we overestimate the
probability of things happening close to us (even if it exist good proof that
the probability is low, i.e. purchase earth quake insurance after the earth
quake).
I fear that,
in the case of maritime piracy, some of the information/rumors floating around
in the industry actually makes things worse and makes the already hard security
choices even harder. As this information is not giving people the full picture
(not necessarily by purpose, rather describing the events close to one self) it
will make people assuming wrong things about small probabilities.
But there seems also to be companies out there that
make a business out of presenting events that fit in to their agenda. The other
day I visited a blog by a North America based maritime security company which
presented “piracy news”. From my perspective the “news” seemed a bit to selective
and the blog will make it even harder for people to make the right decisions.