This picture is all the bullet holes found in allied planes that survived bombing runs in WWII. The logical thought was to fortify all the areas that had been hit by bullets, an American statistician asked the question? Where are there bullets that would have hit the blank places on the planes? The answer? Those were in the planes that DIDN'T survive to return to base.
From this the concept of survival bias was formed - The error of concentrating on the things that made it past some selection process and overlooking those that did not, typically because of their lack of visibility.
This got us thinking, the same thing is currently happening in CyberSecurity assurance. We as an industry are focused on the solutions being managed and run by IT teams as we have established tools for them. We often ignore the SaaS solutions that the business are using due to the lack of visibility.
This is often leaving businesses critically exposed while assurance is given to the board that they have no cyber risks.
Detexian is driven to empower CyberAssurance teams to have visibility of their entire SaaS landscape including solutions being run and managed by the business. Without this visibility the Cyber Assurance teams will continue to have a survivor bias for the IT managed systems.