Quiz Entry - updated: 2026.07.14
What are common management misconceptions about information security?
Managers often dismiss security as a cost center, assume firewalls are enough, or believe their company isn't a target.
Classic management excuses:
| Misconception | Reality |
|---|---|
| "What does security bring us besides costs?" | It prevents far greater costs from breaches, fines, and reputation damage |
| "We already have a firewall" | A firewall is one control among hundreds needed — it's not a silver bullet |
| "We're not a worthwhile target for hackers" | Every organization has valuable data; attackers also target small companies as stepping stones |
| "Nothing has ever happened to us" | That you know of — many breaches go undetected for months or years |
| "Our employees are 100% loyal" | Insider threats are statistically one of the top risks |
| "We can do without our computers for a few days" | Modern businesses are utterly dependent on IT — even a day of downtime is often catastrophic |
Tip: These misconceptions are exactly what security awareness programs for executives should address. The goal is to shift the mindset from "security as cost" to "security as business enabler."