A recent Harvard Business Review article stressed, “Spending millions on security technology can certainly make an executive feel safe. But the major sources of cyber threats aren’t technological. They are found in the human brain, in the form of curiosity, ignorance, apathy, and hubris”.
I totally agree with this assertion - cyber savvy employees, customers and business partners are a vital component of a cyber resilient enterprise.
In fact several studies reveal that effective cyber security awareness programs provide the highest return on security investments.
But let’s face it, most cyber security awareness trainings still suck. To many, they are as boring as filing tax returns. The mention of security awareness reminds them of someone reciting policy clauses, and repeating the same old messages: Always mix a jumble of alphanumeric characters when choosing new passwords, change them every 90 days, never share them with your partner, and so forth.
Worse more, non-compliance is often met with severe consequences, including dismissal.
But this is not always the case. Some organisations are embracing innovative learning and development programs to boost employee or customer cyber security engagement and drive results.
I am keen to hear how fellow professionals or cyber security vendors are addressing this challenge. Kindly use the comments section below to share ideas on how this critical function can be improved.
Phil is an international keynote speaker, multi-award winning virtual CISO and bestselling author. He is an official member of Forbes Business Council, an Invitation-Only Global Community for Successful Business Owners and Leaders. He was named one of 2020’s Top 100 Most Influential People of African Descent (New York USA), as well as 2017 winner of ISACA International’s Best Article Award (Chicago, USA). His views have been featured by Forbes, CISCO, NZ Business Herald, Financial Standard, SAP, etc., and one of the Top 7 Global Cyber Security Leaders in 2023 by the Security Magazine and ISACA.