Our recent HFS global pulse study revealed that cybersecurity is the number one area for deploying emerging technologies. Almost forty percent (40%) of respondents have implemented emerging technologies at scale across the enterprise and plan to increase their investments significantly over the next 12 to 18 months. While we can celebrate enterprises’ focus on cybersecurity, it does not appear to be enough; we continue to see a significant increase in incidents. Our latest HFS cybersecurity pulse study shows that two main factors have contributed to sixty percent (60%) of security events in the past two years: human errors caused by a lack of adequate training or process discipline and new IT initiatives implemented without proper security oversight and controls. Enterprise clients must give these top five initiatives the highest priority to address the human factors that weaken the cybersecurity chain.
- Establish an enterprise-wide programme to develop and measure cybersecurity literacy. Forty-three percent (43%) of respondents mentioned that enterprise clients must implement mandatory cybersecurity learning paths adapted to the context of each user community, but more importantly, measure individual goals as part of the periodic performance review process.
- Ensure that senior executives lead by example and measure the effectiveness of their cyber-aware attitude. Thirty-seven percent (37%) of respondents expressed the need to make senior leaders more accountable by embedding cybersecurity-related metrics into their key performance indicators (personal and business unit levels).
- Maintain accountability through good order and discipline. Thirty-four percent (34%) of respondents highlighted the importance of implementing more disciplinary measures in case of repeat violations of cybersecurity policies and procedures.
- Provide learning experiences that enable employees to actively engage with cybersecurity content. Thirty-five percent (35%) of respondents flagged that enterprise clients must deploy more engaging and personalized learning platforms to make cybersecurity a “business as usual” learning activity.
- Use stakeholder-centric communications combined with storytelling techniques to make cybersecurity relatable to more communities. Thirty-five percent (35%) of respondents mentioned that enterprise clients must embed more storytelling into awareness campaigns to bring cybersecurity to life and increase the level of engagement.
The Bottom Line: It does not take too much effort to build a cybersecurity-conscious culture. Shared accountability and personalized engagement are two indispensable ingredients.
It is high time for IT and business leaders to make employees their best firewall, not the weakest link in their cybersecurity chain.
