When talking security with individuals, one often observes a distinction in language that completely changes the meaning of the topic: people talk about wanting to feel secure, which is a very different matter from actually being secure.
Humans are poor at understanding security and risk: they overestimate the danger from scary and infrequent events (such as terrorist attacks) and underestimate the dangers of common events (such as road accidents and nutrition-related illnesses).
Humans are also prone to live by the falsehood that “something needs to be done” to remedy real and perceived problems, when it might actually be more pragmatic to do nothing at the time. Security expert Bruce Schneier has written extensively about this, describing how the TSA is a multi-billion dollar harm inflicted upon people travelling within the United States after the very successful terrorist attacks on September 11, 2001. The fact that the TSA puts travellers through a lot of misery gives people the impression that travel in the United States is safe, when in fact it is not proven to be any safer than it was before 9/11.
This false sense of security is a problem. It causes organisations to spend billions of dollars on security products that do not solve their problems. It causes people to go through unnecessary suffering at airports because they are trained to believe that it is “for their own safety”. At the same time, the companies and people remain vulnerable to the same problems that they believed they were protected from.
A false sense of security can make someone perform a riskier action than they would under normal circumstances – think of the American rules football players, heavily padded and helmeted, who would strike in a more dangerous fashion under the impression that their artificial padding would protect them against injury. This is the biggest problem with feeling secure: it can actually cause you to be less secure.
How do we guard against responding poorly to perceived risks in these fashions? A measured and thoughtful approach to security that avoids knee-jerk measures helps. Education is key, as is the recognition that there is no silver bullet that rapidly provides security. Security requires a combination of people, processes and technology to function in harmony. All three must be in place, and people must recognise that no system is perfectly secure. This is fine. It is not worth the trouble to make something perfectly secure. Live your lives.