Quiz Entry - updated: 2026.07.05
What are common management misconceptions about information security?
Typical misconceptions include "we already have a firewall," "we're not a target," "nothing has ever happened," and "our employees are 100% loyal."
Common excuses from management:
- "What does InfoSec bring us... besides costs?" — Ignores regulatory requirements, reputation risk, and competitive advantage
- "We already have a firewall" — Security is much more than one technical control
- "We're not an interesting target for hackers" — Automated attacks don't discriminate by company size; SMBs are actually frequent targets
- "Nothing has ever happened to us" — Data theft often goes undetected; absence of evidence is not evidence of absence
- "Our employees are 100% loyal" — Insider threats are real; loyalty doesn't prevent human error
- "We can easily do without computers for a few days" — Most modern businesses would halt without IT
Why these are dangerous: Each misconception leads to underinvestment in security. The reality is that over 50% of companies that suffer complete data loss go bankrupt within 24 months.