Year in and year out, cybercrime siphons trillions of dollars from the global economy, disrupts millions of organizations and forces thousands of companies to go out of business. By most accounts, up to 90 percent of cyberattacks are the direct result of human error. Yet these incidents often elicit no more than a collective shrug from the boardroom to the breakroom. Why? Because too many still consider cybersecurity to be entirely an “IT problem.”
For example, one recent survey found that 30 percent of employees do not think they have any responsibility for helping to maintain their company’s cybersecurity posture. Most said they probably wouldn’t even bother to report a security incident. When asked why, 25 percent said they don’t care enough about cybersecurity to mention it.
Meanwhile, the vast majority of IT professionals say C-suite executives are similarly indifferent. In a recent global study, 90 percent of respondents said company leadership would sacrifice cybersecurity to improve productivity, and 82 percent said they’ve felt pressure from higher-ups to downplay the severity of cybersecurity risks to board members. Additionally, half said many C-suite executives don’t even try to understand cybersecurity because they consider it an “impenetrable technology issue.”
Given the financial and operational burdens created by cybercrime, it should be evident that cybersecurity is now everyone’s responsibility. Whether you’re in shipping, sales, human resources or management, a single successful cyberattack could put you out of a job. Consider the case of Lincoln College in Illinois. Five months after a ransomware attack obstructed access to all institutional data, the college announced in May 2022 that it was closing permanently after 157 years of operation, leaving nearly 1,000 staffers unemployed.
To counter the growing threat landscape, organizations must take steps to establish an organization-wide cybersecurity culture. Doing so requires cooperation and commitment among technical staff, line of business employees and company leadership. Here are some of the practices that can help companies develop a more robust security posture.
Leadership sets the tone in any organization, so work with management to ensure cybersecurity gets the attention it deserves. Provide solid information that’s free from industry jargon and offer clear, logical solutions and suggestions.
Cyber incidents frequently result from employees who click on infected links or emails, unintentionally mishandle sensitive data or commit policy violations with “workarounds” to make work easier. Security awareness programs are essential for correcting such behaviors, but keep these three guidelines in mind:
There’s no simple playbook for building a strong security culture. It’s an ongoing process that requires regular emphasis and continual education. If you’re not sure where to start, give us a call. We can work with your IT team to develop and implement techniques for encouraging organization-wide adoption of good cybersecurity practices.