Now, when we read across into cyber security, there’s a similar effect at work. Picture increasingly strict security controls, represented again by the purple line going up. This is the “tightness” of the straitjacket into which users are being forced. But as that constriction gets tighter and tighter, the number of compliant users goes down. They invest time in finding workarounds that will make their lives and jobs easier.
So, the blue curve, the number of compliant users, goes down as the strictures and compliance rules increase. This implies that there’s a maximal point to cyber security controls too.
It is well known that 100% security is impossible. Every attack requires defending, but the attacker only has to get through once in order to cause harm. So, the odds are stacked against the defender.