Selling Security

CIO.com has an interesting article about selling security solutions from Bruce Schneier, a prominent security expert. He describes the difference between Utility Theory and Prospect Theory as applied to human beings.

The Prospect Theory argues that people are prepared to accept high risks for potential losses and low risks for potential gains. In short, spending for security is a financial loss. Hence, enterprises (people) do not prefer to spend for security. Interestingly, the reason is just due to human bias and has no financially sound explanation if carefully analyzed. The article is found here: http://www.cio.com/article/367913/How_to_Sell_Security