Creating a cyber risk-aware culture

The value of people

While continued cyber incidents can be attributed to the constant changes in technology, regulatory requirements, and threats, there is also a ‘people component’ at work. Whether through targeted phishing attacks or human error, people are often a weak link that threat actors can exploit—but they can also be the first line of defense. By cultivating a culture that reinforces cyber risk management technology investments, organizations can strengthen their ability to prevent incidents and to respond effectively when cyberattacks occur.

Your people: A point of entry or first line of defense?

Without a cultural focus on cyber risk, some employees follow existing incentive paths to get things done quickly, which can involve "workarounds" or avoidance of safeguards altogether. A cyber risk-aware culture reduces this behavior and encourages employees to think "cyber" when something unexpected happens so those unknown or potentially suspicious events can be investigated. A cyber risk-aware culture exists when an organization's values and behaviors actively support the enterprise cyber risk management strategy.


Creating a cyber risk-aware culture

There are four elements of an effort to establish better cyber awareness:

  1. Leadership: Leaders must signal to employees that cyber risk management is a top priority.
  2. Learning: Organizations should require cyber training at regular intervals and emphasize the importance of desired cyber behavior in new hire and other learning events.
  3. Communications: Organizations should create compelling, tailored messages through multiple channels that create personal connection and commitment from various corporate audiences.
  4. Talent lifecycle: The hiring, promotion, development and recognition aspects of the talent lifecycle can be leveraged to drive accountability for cyber risk-aware practices.

How you can build a cyber risk-aware culture.
