---
id: "contrarian-total-safety-impossible"
type: "contrarian-insight"
source_timestamps: ["¶16", "¶17"]
tags: ["security-philosophy", "pragmatism", "contrarian-insight"]
related: ["concept-relative-cybersecurity", "quote-faster-than-the-bear"]
speakers: ["Daniel Dobrygowski"]
challenges: "The conventional view that cybersecurity investments should aim to create an impenetrable, 100% secure perimeter."
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Total Safety Is an Illusion — Aim for Relative Difficulty

**Conventional view challenged:** that cybersecurity investment should aim to create an impenetrable, 100%-secure perimeter — the "total protection" / "zero breaches" promise common in security marketing.

**The contrarian claim:** [[entity-daniel-dobrygowski|Daniel Dobrygowski]] asserts total safety *cannot* be achieved. The realistic goal is simply to make your system harder to breach than the next potential victim's, relying on the opportunistic nature of many hackers to drive them toward easier targets. This is the philosophical foundation of [[concept-relative-cybersecurity]], memorialized in [[quote-faster-than-the-bear]].

Why it matters for SMBs: reframing the goal from *invulnerability* to *relative difficulty* makes robust defense affordable — you no longer need enterprise budgets to "win," you need to be a worse target than your peers.

> [!note] Counter-perspective (enrichment)
> Security literature broadly agrees perfect security is unattainable, so this insight is mainstream at the strategic level. The important counter is that relative hardness **underemphasizes resilience, detection, and response**. High-value targets face persistent adversaries who will not simply move on; and even a hardened org must plan for *eventual* compromise with incident-response runbooks and business continuity. Relative hardness is necessary but not sufficient.


## Related across articles
- [[concept-airline-safety-analogy]]
- [[concept-compliance-security-conflation]]
