Cybersecurity Risk Is More Personal than It Is Organizational


A couple of years ago, I stood on a soapbox and screamed about the importance of security. In this article, I wrote, “The days of relying solely on perimeter security are fading. Companies need to implant security by design and default into their enterprise DNA.”

This is no small feat. It requires rebuilding a company’s culture and adjusting employee behavioral patterns to establish security as a core value. This is at least as important as defense technology. After all, more than 85% of all cyber incidents are based on the HUMAN FACTOR. Eighty-five percent!

Reducing Human-Factor Cybersecurity Risks

A must-have on the CISO’s agenda is thwarting risky human behavior. In short, this means keeping humans from clicking on something they shouldn’t – whether through company email or social media services – because a single click can give attackers access to systems, the upper hand in a ransomware incident and the potential loss of billions of dollars, not to mention irreparable consumer distrust and client backlash.

But do not be dismayed! There is a preventative and proactive approach to ameliorate human error – and that is human awareness of the self. Cybersecurity is a risk management essential that must be built into the core of every role, and that can only be done by leveraging highly personalized, customized and style-aligned education.

Psychology-based Security Risk Mitigation

Many companies have already adopted generic awareness campaigns with established policies and procedures to bolster their defensive posture. One can’t help but think Twitter would have led the charge on this front, but its recent breach makes it clear these programs have room for improvement. Today, rudimentary security awareness training is no longer enough. Companies must adopt a security mindset that helps employees think like an attacker.

The only way to do that is to ensure that all the humans in your organization think of themselves as walking, living, breathing threats to your enterprise systems every day. They must actually create new neural pathways to minimize human cybersecurity risks. A style-aligned approach has proven to reduce phishing click rates from 20% to below 2%. Yes, less than two percent!

What is a style-aligned approach?

An individual’s prefrontal cortex can hold only about three or four thoughts at a time. To change human behavior, you must build the desired mindset in the prefrontal cortex with self-actualization of the employee’s intrinsic risk persona, and then provide consistent and customized repetition, education and testing. Ultimately, you need to tap into individual instincts and educate your workforce about how their brains can put them personally and professionally at risk.

ISG helps companies assess and design risk-mitigating programs that are personalized and style-aligned, so they can be sure they are changing behavior at the individual level, which is where real security happens. Contact us to learn more.