Attackers exploit people, not technology

Blog 1: An introduction to a human-centered approach to cybersecurity

Human error can expose an organisation’s vulnerabilities to a variety of cyber risks. This has led many organisations to consider a people-focused cyber strategy. Did you know that statistically, people are the single biggest risk factor to cyber threats?

Research shows that nearly 95% of cybersecurity breaches occur due to human error1

Regardless of the intent behind a breach, human error can expose vulnerabilities to a variety of cyber risks. In a recent Deloitte survey², respondents named rapid IT changes and the rising complexities of automated processes as their number one cybersecurity challenge.

The changing landscape has meant many traditional network controls are no longer strong enough, which has increased the number of vulnerabilities available for hackers to target. Constant change often leads to change fatigue, frustration, and increases the likelihood of making an error. Strengthening technical cybersecurity controls and capabilities is a step in the right direction but organisations will only truly be more secure when building a people-focused cyber strategy.

Why is this so important?

The traditional approach to managing cyber-attacks is technology-based and often reactive, responding to threats as they occur. With the workplace changing and cyber threats becoming more sophisticated, cybersecurity is no longer solely an IT problem and managing cyber risks is now a business imperative.

The past two years has accelerated the shift towards remote working at an unforeseen pace with many companies now adopting a hybrid working model. It’s imperative that employees operate as securely in a remote or hybrid setting as they would in an office or delivery center.

So, how can we adapt our approach to cybersecurity in a way that takes the human element into account?

Organisations can dramatically reduce cybersecurity risks by designing an integrated cyber-defense approach that considers both the people and the technical factors of cyber threats. To help safeguard businesses, cybersecurity needs to be embedded into all corners of the organisation. This means cultivating a cyber-resilient culture and building adaptability into the way that cyber threats are managed. By giving their people ownership and accountability, organisations make it easy for employees to do the right thing, to build cyber knowledge, and to embed security policies into daily work. An effective way to approach this behaviour change is to organise it around the employee lifecycle: join, develop, and offboard.

This blog series will give an overview of the employee lifecycle and the ways in which organisations can implement effective cybersecurity practices in an ever-evolving landscape. Look out for part two in the blog series next, which discusses cybersecurity and the employee experience in more detail.

Have you considered? What's at the heart of your cybersecurity strategy - the technology & processes or your people?


1 Varonis, 2021
2 Deloitte, 2020 Reshaping the cybersecurity landscape | Deloitte Insights

Deloitte can help by looking at your business objectives and then customising, identifying, priortising and implementing processes and solutions to maintain a consistent approach to mitigating the cybersecurity risks organisations face. Cybersecurity threats are constantly evolving; we go beyond addressing the challenges of today to help organisations embed sustainable solutions to prepare for the challenges of the future. Reach out for more information or please visit our Cyber Transformation page.

Did you find this useful?