Confirmation bias is the tendency to notice, trust, and remember information that supports what you already believe, while dismissing evidence that conflicts with it. In cyber security, this can affect analysts, investigators, incident responders, and even users. For example, a defender who expects a phishing campaign may overread harmless alerts as proof, while ignoring signs of a different intrusion path. An attacker can exploit the same weakness by crafting messages that fit a target’s assumptions, making fraud or social engineering seem credible.
It matters because security decisions depend on accurate interpretation of clues. When teams search logs, review malware behavior, or assess suspicious activity, confirmation bias can lead to wrong conclusions, missed indicators, and weak containment. Good defenses reduce the risk by using checklists, peer review, diverse hypotheses, and evidence from multiple sources. In practice, the safest approach is to ask what would disprove your theory, not only what supports it.
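The "diverse hypotheses" and "ask what would disprove your theory" advice above, as an added example that is not part of the original page: a small Python helper that ranks competing intrusion hypotheses against observations pooled from several log sources, keeping contradictions separate from supporting hits so that confirming evidence cannot bury a disproving fact. The hypothesis names, observation labels and the scenario are constructed for illustration.

```python
# Added example (not from the original page): rank competing intrusion
# hypotheses so a single contradiction outweighs any pile of "fits my theory".
from dataclasses import dataclass


@dataclass(frozen=True)
class Hypothesis:
    name: str
    consistent: frozenset   # observations that fit, but do not prove, it
    disproving: frozenset   # observations that should make us drop it


def score(hyp: Hypothesis, observed: frozenset) -> tuple[int, list[str]]:
    """Return (supporting hits, sorted contradictions) for one hypothesis."""
    support = len(hyp.consistent & observed)
    contradictions = sorted(hyp.disproving & observed)
    return support, contradictions


def rank(hyps: list[Hypothesis], observed: frozenset) -> list[str]:
    """Fewest contradictions first; support only breaks ties."""
    ordered = sorted(hyps, key=lambda h: (len(score(h, observed)[1]),
                                          -score(h, observed)[0], h.name))
    return [h.name for h in ordered]


def open_disproof_checks(hyp: Hypothesis, observed: frozenset) -> list[str]:
    """Checks not yet run that could still disprove this hypothesis."""
    return sorted(hyp.disproving - observed)


# Constructed scenario: the team expects phishing, but mail-gateway, EDR and
# VPN evidence is pooled before anyone commits to a theory.
PHISHING = Hypothesis(
    "phishing",
    frozenset({"user_reported_odd_email", "outbound_to_new_domain"}),
    frozenset({"no_link_or_attachment_executed", "no_external_mail_in_window"}))
VPN_CREDS = Hypothesis(
    "stolen_vpn_credentials",
    frozenset({"vpn_login_new_geo", "outbound_to_new_domain"}),
    frozenset({"vpn_login_from_enrolled_device", "mfa_push_approved_on_user_phone"}))
OBSERVED = frozenset({"user_reported_odd_email", "outbound_to_new_domain",
                      "no_link_or_attachment_executed", "vpn_login_new_geo"})

if __name__ == "__main__":
    print(rank([PHISHING, VPN_CREDS], OBSERVED))
    print(open_disproof_checks(VPN_CREDS, OBSERVED))
```

Both hypotheses have two supporting hits, so a support-only count would let the expected phishing theory win; the EDR finding that no link or attachment ran contradicts it and the VPN hypothesis ranks first, with its own open disproof checks listed as the next things to verify.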