Learned Helplessness - Did you stick to that diet ?

Research in individual behavior is abundant. However, it is limited regarding cyber behavior and almost absent from the viewpoint of the cybersecurity professional.
 
Virtually all of that literature that exists is from the viewpoint of the individual that is the target of a cybersecurity incident, e.g., the individual who opens up an infected email, or the individual who falls for a phishing attack.
 
Very little, if at all, is from the viewpoint of the cybersecurity professional whose job is to develop and implement cybersecurity solutions. With that in mind, this center is on that focus, the behavior of the cybersecurity professional who must come up with solutions – to stop that person from opening up that infected email or falling for the latest social engineering attack.
 
With the extensive amount of literature available, one would assume that we could help these cybersecurity professionals examine their behavior. Are there things with their behavior that they could change to help them make better cybersecurity decisions.
 
Since the body of knowledge on psychology dates back centuries; and with the likes of Freud, Watson, Pavlov, and many great others; we could then assume that within this great body of knowledge we could unlock this answer and develop cybersecurity solutions that could, in turn, help people not to fall victim to these exploits
 
However, we begin to run into trouble here.
 
Have you stuck to that diet?
Have you quit smoking?
Stop drinking?
Given up fast food?
 
The list goes on and on.
 
If we cannot change our behavior, how can we expect to change others, especially their cyber behavior?
 
When we hear about the latest security incident, many times we recognize them as being similar to earlier incidents. These incidents seem to occur over and over, think social engineering, phishing, or trusted relationships, all active and still very successful.

Why do these similar security incidents keep happening? Why do people fall for the same tricks, why do security personnel develop, implement, maintain, upgrade similar protection technologies, only to be exploited time and time again. Organizations set up training programs for their employees, yet still, fall victim to these attacks.
 
Why are we always vulnerable?

Have we come to accept this as normal?
 
Have we fallen into Learned Helplessness?
 
Learned Helplessness
 
We accept a certain outcome, this outcome is unavoidable, and there is nothing we can do about this outcome. This can be all in the subconscious, we do not even know it happening, yet our behavior will be directed by this
 
This becomes a real issue for cybersecurity personnel; we cannot accept this, we cannot let this lead our behavior. And while we may not have stuck to that diet, we can do things to lose weight, eating a little better, with some encouragement, less smoking, cutting back with help, minimize drinking, again with help.
 
Cybersecurity professionals need to keep pushing the envelope and move away from this is all we can do, to we can do this and more. We can move away from, well, this is the best job I can accomplish.
 
We can modify our behavior, and we can unlearn Learned Helplessness. It's important that we are aware of this, and this could be subconsciously directing our behavior. We then can become better Cybersecurity professionals and protect our networks, our people and our nation.

Learned helplessness: Theory and evidence.
By Maier, Steven F.,Seligman, Martin E.
Journal of Experimental Psychology: General, Vol 105(1), Mar 1976, 3-46