Schneier on Security
A blog covering security and security technology.
August 2, 2010
Book Review: How Risky Is It, Really?
David Ropeik is a writer and consultant who specializes in risk perception and communication. His book, How Risky Is It, Really?: Why Our Fears Don't Always Match the Facts, is a solid introduction to the biology, psychology, and sociology of risk. If you're well-read on the topic already, you won't find much you didn't already know. But if this is a new topic for you, or if you want a well-organized guide to the current research on risk perception all in one place, this pretty close to the perfect book.
Ropeik builds his model of human risk perception from the inside out. Chapter 1 is about fear, our largely subconscious reaction to risk. Chapter 2 discusses bounded rationality, the cognitive shortcuts that allow us to efficiently make risk trade-offs. Chapter 3 discusses some of the common cognitive biases we have that cause us to either overestimate or underestimate risk: trust, control, choice, natural vs. man-made, fairness, etc. -- thirteen in all. Finally, Chapter 4 discusses the sociological aspects of risk perception: how our estimation of risk depends on that of the people around us.
The book is primarily about how we humans get risk wrong: how our perception of risk differs from the reality of risk. But Ropeik is careful not to use the word "wrong," and repeatedly warns us not to do it. Risk perception is not right or wrong, he says; it simply is. I don't agree with this. There is both a feeling and reality of risk and security, and when they differ, we make bad security trade-offs. If you think your risk of dying in a terrorist attack, or of your children being kidnapped, is higher than it really is, you're going to make bad security trade-offs. Yes, security theater has its place, but we should try to make that place as small as we can.
In Chapter 5, Ropeik tries his hand at solutions to this problem: "closing the perception gap" is how he puts it; reducing the difference between the feeling of security and the reality is how I like to explain it. This is his weakest chapter, but it's also a very hard problem. My writings along this line are similarly weak. Still, his ideas are worth reading and thinking about.
I don't have any other complaints with the book. Ropeik nicely balances readability with scientific rigor, his examples are interesting and illustrative, and he is comprehensive without being boring. Extensive footnotes allow the reader to explore the actual research behind the generalities. Even though I didn't learn much from reading it, I enjoyed the ride.
Powered by Movable Type. Photo at top by Per Ervland.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..