Grandma, Behavioral Economics

Grandma Tardanico was the poster child for behavioral economics — decades before anyone called it that.

Long before Daniel Kahneman and Amos Tversky’s groundbreaking work on Prospect Theory, my grandmother was making business decisions in her Italian deli based on loss avoidance, not financial gain. Fresh bread was the catalyst since it pulled customers in to buy meats and cheeses to go with it. But stale bread? One bad bite and the local Italian community stayed away for weeks. So, buying fresh bread daily wasn’t really a cost. It was insurance against a much greater loss. The fear of losing customers outweighed the price of the loaf.

That’s Prospect Theory in a nutshell: humans make decisions based on biases and heuristics, and loss aversion is one of the most powerful. The pain of a loss scales with the variables involved. Losing $100 hurts more than losing $90, but losing $1,000 barely registers differently than losing $995.

We see the same biases play out in the security sector every day.

Insurance carriers have built metrics to gauge whether a company can stay out of the headlines, assigning risk profiles based on the maturity of processes and practices. But getting the right tools in place to prevent losses? That’s an uphill battle and behavioral economics is exactly why.

Selling a negative is hard. Security companies are asking you to buy something you genuinely hope you’ll never need to use. I know, I know, shut up Paul, stay in your lane, but it’s the truth. Most of the venture-backed, AI-driven security companies that have emerged in the last five-plus years are all selling the same thing: peace of mind. Peace of mind, paired with a quiet hope that you never actually face the outcome the product was built to prevent.

No cyber product is perfect. Nothing is 100% in a landscape that shifts this fast, which is why security researchers still align a risk register to every decision we make. And here’s the key: we don’t build that register around a potential insurance payout. We build it around the real losses called revenue, customer trust, and reputation that no policy can fully restore.

Grandma understood that math instinctively. The bread wasn’t the cost. The empty deli was.

What’s the “stale bread” decision your security team is still avoiding?

If this reflects what you’re seeing in your own environment, let’s continue the conversation—or visit TierPoint Adapt Platform to learn how we’re helping organizations navigate these same challenges.

And if you’re ever nearby, stop by the house. I’ll make sure the bread is fresh.