Why is cyber security blue? The cyber security visuals challenge.

The Hewlett Foundation thinks it’s time to improve how we communicate and visualise cyber security. I agree.  To find fresh ideas, the Foundation has launched a Cybersecurity Visuals Challenge, rewarding artists with substantial grants for creative solutions.

Having more modest financial means than the Hewlett Foundation, I thought I would make a small contribution to the ‘Cybersecurity Visuals Challenge’ effort with this blog. 

As I’ve mentioned before, I think it helps us improve things in the future if we first know how we got where we are today.  In that spirit, I want to use this post to take a long view look at the question…

… why is cyber security blue?

Cyber security is as blue as the sea

Before diving into the answer, I wanted to first check cyber security really is blue.  A quick google image search for “cyber security” soon confirms that it is. Or to be more precise, cyber security has an average RGB colour value of Red:111, Green:135 and Blue:152.

Repeating this rigorously scientific (!?) image search experiment on other ‘blue things’ we find that cyber security is nearly as blue as the sea.  Only with more hoodies and fewer seals.

So cyber security is blue. But why?

The birth of Colour Theory

You’ve probably heard the myth that Isaac Newton discovered gravity when an apple fell on his head. Unfortunately, I have no fruit-based explanation as to why he also discovered that light could be split into a rainbow of colours using a glass prism.  What I can tell you is that having made this discovery, he proposed that every colour in this rainbow could be formed by mixing three primary ones: red, yellow and blue.  From this idea, modern Colour Theory was born.

A hundred years later and some academics were still claiming that Newton had got it wrong.  His critics said all colours were a mix of darkness and light.  Blue, for example, was the first colour to emerge from darkness when you add a little light.

Johann Wolfgang von Goethe was one of those critics. But the reason we should be interested in him is not his argument with Newton, but because he introduced a new topic to the field of Colour Theory: psychology. 

Goethe thought we all share psychological associations between colours and concepts.

Blue gives us an impression of cold… The appearance of objects seen through a blue glass is gloomy and melancholy.

Johann Wolfgang von Goethe (1810)

Importantly, the concepts Goethe had in mind were very abstract and mostly related to feelings.  We are still a long way from concepts as concrete as cyber security.

A colour revolution

We jumped a hundred years from Newton to Goethe and now we jump two hundred more to reach our next key character: Faber Birren. 

After WWII, America’s government and industry were open to big, bold ideas. Into this fertile ground, Faber Birren planted the idea that colour had a more powerful influence over individuals, societies, organisations and brands than Goethe or anyone else had previously suggested.  He also proposed that colour’s psychological associations were much more concrete than the emotional associations that Goethe had in mind.  Birren said we associate colours with very precise concepts such as intelligence, arrogance, modernity and remorse. 

Birren was described as a colour revolutionary and America’s management class loved his theories.  The US Navy hired him to colour coordinate everything it owned: every item, structure and piece of clothing.

Working with DuPont, Birren designed a safety colour code for industry: all fire safety equipment should be red; all equipment for handling materials should be yellow; and so on. The American National Standards Institute adopted his code and then it spread across the globe.

It is no coincidence that skips, hazmat suits and diggers are all yellow.  Faber Birren made them so. 

Applying Colour Theory to Cyber Security

We might suspect that cyber security is blue because security is blue.  But I don’t think that’s the case. 

Other fields of security – home security for example – are not blue.  And a consensus that security is blue was only reached as recently as this decade.  In previous decades, writers in marketing and the psychology of colour said that security was black. Or grey. Or orange. Or brown. Or pink. Or green. Or, yes, blue. 

I think the word security is a red herring. The key actually lies with the word TRUST.

Faber Birren claimed that trust was one of the concepts we associate with blue and everyone since has repeated this idea. In contrast, Birren said nothing (that I have found) about security and this left the field wide open for later people to describe it as being any of the half a dozen colours I just listed.

So how did we get from Birren’s belief, in the 1940s, that trust is blue to cyber security being blue today?

The story of blue: from trust to cyber security

To understand the final part of the story of why cyber security is blue, we should first recall a time before it was.  Until only a few years ago cyber security had no dominant colour association.  Yes, black and blue have been in the cyber aesthetic since the start, but for a long time red and yellow were just as prominent. Other colours – including green, brown and pink – were in the mix too.

Around 2003, internet use took off and, soon after, cyber security began to rise steadily up business and foreign policy agendas.

My theory is that during this cyber growth spurt (2003-2010), the companies, organisations and influencers involved felt the need for cyber security to have a stronger, clearer visual identity.  They had the motivation and budgets to ask brand managers, graphic designers and creative agencies to come up with the ‘right look’ for the fast-growing number of cyber security brands, services, products, articles and events.

By coincidence, just as this was happening, these same branding and creative experts were being shown research that told them the ‘right look’ essentially meant the ‘right colour’.  In 2006, The Institute of Colour Research pushed out a widely quoted research paper that claimed people make a subconscious judgment about a product within 90 seconds of initial viewing and that between 62% and 90% of that assessment is based on colour alone. It was a powerful return of Birren’s message: colour is king.

Creatives tasked with choosing the ‘right look’ for cyber security – and therefore the ‘right colour’ – had a safe choice to make: blue.  Thanks to Birren’s influence they could confidently tell their clients that everyone agreed blue was the colour of trust.  Even better they could point to the fact that it was because of this that IBM changed its own logo and brand to blue in 1972 – earning it the nickname Big Blue. That in turn created another association in the public’s mind between safe, reliable IT and the colour blue.  All the stars were aligned.

In the 1970s, no IT manager ever got fired for choosing Big Blue. During cyber security’s growth spurt, no creative ever got fired for designing a blue cyber security visual.

Feedback loops

In a field with a relatively small pool of visual products it wouldn’t have taken long for blue to become so prevalent that a tipping point was reached. When an aesthetic becomes dominant, a professional creative who doesn’t follow it isn’t just avoiding the safe option, they are consciously choosing a risky one. Their client is expecting the dominant aesthetic and only a few will want to swim against the tide. There is every chance the client will ask their creative to resubmit something more conventional, at their own expense.

Meanwhile, an army of amateur DIY creatives were churning out micro products (presentations, office posters, community flyers, blogs…) with even less desire or ability to create something unique. They used the images on the first page of google and unintentionally fed a feedback loop that pushed anything non-standard down the search results.

And thus we reach today, swimming in a sea of cyber blue.

Are we stuck with blue forever?

As we’ve seen, cyber security was once colours other than blue and it could be again.

Within the capacity building community green is quite common.  It is associated with the environment, from which many analogies for the internet as a global commons are drawn.  And with health care: the source of analogies used in State Department capacity building training materials. 

CyberGreen – which helps countries fight DDOS – are obviously on team green. As are FIRST, the Forum of Incident Response Teams. In 2005, when the rest of the cyber world started going blue, FIRST bucked the trend by changing their logo from pink/blue to green.

But why stop at green? There is a rainbow of opportunity out there that I hope Hewlett’s Cybersecurity Visuals Challenge will help us explore it. 

Maybe then we can turn our attention to the hoodies.