There is no single correct
level of security; how much security you have depends on what you’re willing to
give up in order to get it. This trade-off is, by its very nature,
subjective—security decisions are based on personal judgments. Different people
have different senses of what constitutes a threat, or what level of risk is
acceptable. What’s more, between different commu- nities, or organizations, or
even entire societies, there is no agreed-upon way in which to define threats
or evaluate risks, and the modern technological and media-filled world makes
these evaluations even harder.
http://cyber.law.harvard.edu/cybersecurity/Keyword_Index_and_Glossary_of_Core_Ideas