Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ColumnsLeadership & ManagementSecurity Leadership and ManagementSecurity Education & Training

Leadership & Management

The gorilla in your security plan

Risk is truly dynamic, and assessments should be frequent, taking into account political, economic and social developments; industry trends; new technology; and more.

By Michael Gips
leader ship and management
Gorilla

Freder / E+ via Getty Images

leader ship and management
Gorilla
September 14, 2023

In a famous ongoing experiment, subjects are asked to watch a short video featuring three people in white t-shirts and three people in black t-shirts passing basketballs. Subjects are asked to silently count the number of passes made by the people in white shirts. The six players move around, change positions, fake tosses and otherwise make it difficult to track the pass count.

During the video, a woman dressed in a gorilla suit walks among the players, turns to the camera, thumps her chest, and walks out of the picture. Half of the viewers concentrate so fully on counting the passes that they never see the gorilla. (I missed it too.) When you watch the video without fixating on the passes, it is shocking to realize that you could have possibly missed the great ape. (The experiment is online here.)

According to Daniel Kahneman in his 2011 bestseller Thinking, Fast and Slow, the study reveals two important things: “We can be blind to the obvious, and we are also blind to our blindness.”

That’s a particularly bad place to be as a security professional.

Yet we often get stuck in ruts and enslaved by our own biases. We may unconsciously give in to the anchoring effect, whereby, for example, reading about a specific risk probability in a magazine case study embeds that number into the assessment of risk in our own security environment, despite the situation having no correlation with the case study.

Or we may succumb to the availability heuristic, in which while determining the likelihood of an event, we give undue weight to immediate examples that come to mind. For example, a security practitioner for a retailer may instantly recall the heavy media coverage of shoplifters cleaning out stores with impunity and tailor the retailer’s security approach accordingly, even if a risk assessment would have dictated otherwise.

The list of cognitive biases is long: confirmation bias, framing effect, hindsight, outcome bias, attribution bias, groupthink, recency bias and the default effect, to name a few. They each furtively impede our thinking.

I asked industry experts how to avoid these traps — to see the gorillas while counting basketball passes. Adriaan Bosch, a senior security consultant at Buro Happold in London, England, notes that part of the problem is our obsession with metrics. “The nature of our profession is to create structures that can be measured and quantified, and thus there are so many standards and guidelines,” Bosch says. “The problem is that the threat is often dynamic, and adversaries are able to develop strategies to counter the well-intended structures and standards.” Getting past that mindset is difficult, he continues. “I have often hit a wall where I would suggest a new mitigation method and the response would be: ‘Where has this been tested,’ or ‘To what standard is this aligned?’”

Susana Marquez Pedrouso, a Spain-based security and loss prevention professional, points out that the most recent prominent example of focusing on the wrong things is the Covid pandemic. Relatively few companies had detailed business continuity plans for a virus; fewer still were prepared for years-long disruption.

“That’s why I believe the obsession to structure risk and crisis management to the limit is creating a very slow capacity to react in many organizations,” she says. “There has to be room to be creative, to innovate, to understand threats and consequences which might never have nailed down.”

Pedrouso echoes Bosch’s comments about the predominance of metrics. “I’m finding more and more security departments drowning in KPIs and protocols, reducing the capacity to perceive new issues and anticipate from a fresh perspective,” she says.

The upshot is that we must continually keep an open mind when thinking about threats, risks and vulnerabilities. Risk is truly dynamic, and assessments should be frequent, taking into account such factors as political, economic and social developments, trends in specific industries, new technology, cultural shifts in the workforce, and so on.

Doing so continuously is a monumental task, perhaps impossible. But doing so regularly and often is realistic.

It’s when we work with blinders on that the gorilla of unforeseen threats strolls into our midst. And, we all know what an 800-pound gorilla does when it shows up: anything it wants.

KEYWORDS: crisis management risk assessment security planning threat assessment threat management

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Michael gips headshot
Michael Gips is a Principal at Global Insights in Professional Security, LLC. He was previously an executive at ASIS International. Columnist image courtesy of Gips

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Crowdsourcing

    Is Crowdsourcing Your Security Plan a Career Risk?

    See More
  • Women cleaning out her desk

    What's your backup security career plan?

    See More
  • Two women consulting with a group in background

    5 Skills That Will Serve You in Your Security Career

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • Hospitality Security: Managing Security in Today's Hotel, Lodging, Entertainment, and Tourism Environment

  • Risk Analysis and the Security Survey, 4th Edition

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing