It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.