Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
Cyber Tactics ColumnSecurity Enterprise ServicesSecurity Leadership and ManagementSecurity Education & Training

Cyber Tactics

Group attribution error – The most pervasive and potentially consequential threat of our day

By John McClurg
SEC1020-Cyber-Feat-slide1_900px
SEC1020-cyber-slide2_900px
SEC1020-Cyber-Feat-slide1_900px
SEC1020-cyber-slide2_900px
October 1, 2020

Hermeneutics, a hodge-podge of psychology, sociology, anthropology and philosophy — with a dose of linguistics thrown in for good measure — examines the variables around which we construct and impute meaning to our world. This process is more colloquially known as interpretation theory. Today, the data points that can inform any interpretation are growing exponentially and are surpassing our ability to cognitively wrap our minds around them. This is a challenge in whatever sphere we operate — be it physical or cyber. Math model (algorithmic) bias is an example of how this error, experienced in the physical world, raises its head in cyberspace. In these instances, the possibility of committing what is known in cognitive research as a Group Attribution Error looms large as the most pervasive and potentially consequential risk of our day.

Group Attribution Error encompasses the proclivity of people to believe that either a group’s decision or way of thinking is reflected or shared by each member of that group, or that the preferences and characteristics of an individual are reflective of the group as a whole. And while this term originated within the discipline of cognitive science, it’s a phenomenon reflected with increasing frequency in daily newscasts and in many aspects of cybersecurity.

The possibility of falling prey to Group Attribution Error is exacerbated both by the porosity that undermines the distinctions we could confidently make between an individual and their associated group, as well as the cognitive limits of rationality that we as humans carry around with us. There are only so many data points that humans can comprehend. Group Attribution Error occurs as we attempt a convenient shortcut, called an abstraction, in formulating an interpretation based on a quick glance, failing to consider all the data possibly in play.

To appreciate the potential consequences of such an error, we need look no further than the destruction and violence that ensued when recently the qualities of one police officer were imputed to all police officers. The potential consequences in cybersecurity are no less sobering. Math model or algorithmic bias of artificial intelligence (AI) can yet occur, at least until we approach a sample size of “all,” i.e. where theoretically N=All. With a sprawling threat landscape that continues to grow exponentially as we move toward a more digitally hyperconnected world, the propensity for Group Attribution Error has never been higher. In our efforts to combat the most error-proned aspects of our human nature, turning to AI and its growing ability to approach sample sizes of N=All, can potentially save us from the worst parts of ourselves and more robustly secure the cyber realm.

As I’ve written in the past, utilizing AI-driven predictive capabilities and technologies will further augment cyber defenses and help identify and prevent cyber intrusions before they become unacceptably consequential. As malware advance and mutate on a daily basis, it’s imperative to appreciate that while what we knew yesterday can help us proactively predict and prevent — pre-execution, i.e. take the data from yesterday and apply it to interpreting other instances of related malware moving forward — Group Attribution Error can remain a concern because of learning bias that can creep into our math models and limited sample sizes. We cannot, consequently, rest on our laurels and become cavalier in our application of what we think we know about the known and its predictive relationship to the unknown — that’s a job we appreciate as better suited for the algorithms of AI. This technology can respond in real-time and intake many more data points than humans can cognitively process. And because AI doesn’t suffer from the innately human effects of stress, fatigue or burnout — variables that often compel us into Group Attribution Error — it can better manage a threat landscape that suffers a constant onslaught of cyber assaults. AI remains, however, a human invention, and as such we must not allow our biases to unconsciously creep into its operations. This calls for a stronger commitment within our cybersecurity community to a new consideration of diversity, outside historic biases unduly influenced by Group Attribution Error.

KEYWORDS: cyber security endpoint security information security risk management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

John mcclurg

John McClurg served as Sr. Vice President, CISO and Ambassador-At-Large in BlackBerry's/Cylance’s Office of Security & Trust. McClurg previously was CSO at Dell; Vice President of Global Security at Honeywell International, Lucent Technologies/Bell Laboratories; and in the U.S. Intelligence Community, as a twice-decorated member of the Federal Bureau of Investigation.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Cybersecurity
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cyber Tactics Column
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Coding on screen

Research reveals mass scanning and exploitation campaigns

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

2025 Security Benchmark banner

Events

May 22, 2025

Proactive Crisis Communication

Crisis doesn't wait for the right time - it strikes when least expected. Is your team prepared to communicate clearly and effectively when it matters most?

September 29, 2025

Global Security Exchange (GSX)

 

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • Cyber tactics

    2023: The year for contextual cyber threat intelligence

    See More
  • cyber security

    Reflections on 35 years in the trenches

    See More
  • Cyber

    Have we declared “open season” on CISOs?

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing