Are there any similarities between Formula 1 and the information security area?

By Espen Otterstad

December 8, 2023

Since Formula 1 has seen significant growth in popularity in the last few years, primarily due to the Netflix series “Drive to Survive,” I’m sure I’m not the only one who has spent more time following this sport in the last few years.

Now that this year’s season has ended, I spent a few minutes reflecting on whether there are any similarities between this sport and the information security area. There are at least two obvious ones.

The first similarity is that Formula 1 and information security are highly focused on the development and use of technology. Critics might say both are too focused on technology for their good.

There is evidence to support what the critics say. The technology development in Formula 1 is highly regulated with strict regulations, and budget rules have been in place since a few years back. The mantra in the information security area has been to solve every problem with more technology for years.

In both areas, the technology focus overshadows the fact that humans are critical for the success of a Formula 1 team or to keep your organization as safe as possible from cyber criminals. You can have any technology you want, in Formula 1 and information security, but without humans, you will not succeed.

The second similarity is how hard it is to catch up once you are behind. The Oracle Red Bull Racing team has dominated the last few years in Formula 1. Their opponents have been struggling to catch up for two years. And even though the other teams tend to inch closer toward the second half of the season, they cannot completely close the gap. The main challenge is that all opponents spend their time and resources playing catch up, while Red Bull uses their time and resources to think ahead and develop for next year.

In the information security area, we see much of the same cat-and-mouse game between those who try to protect and those with malicious intent. We are in a constant sprint to patch flaws and teach our employees about existing security challenges. This prevents most planned efforts for the future and creates a situation like what we see when teams “chase to catch up” in Formula 1. On the other hand, the only thing for sure is that as soon as one weakness is removed, those with the means and a motive will already have found another way into your systems.