In my latest column for the @ISACA newsletter, I delve into the complex interplay between common sense and cyber security. Inspired by Duncan Watts’ insights, I argue that our reliance on common sense often shapes cyber security strategies in ways that might not always be effective. I advocate for a shift towards quantitative modeling and evidence-based practices, challenging the cyber security community to rethink assumptions and strategies. This piece is a call to action for a deeper, more analytical approach to cyber security risk management, moving beyond intuition to enhance our defenses.