Once deemed a small part of businesses, cyber has now grown to be a key focus area for most organizations. During COVID-19 and beyond, the digitization journey and remote working have taught us that for any business to thrive, building a “cyber-safe” environment is key.
Deloitte’s 2021 Future of Cyber Survey, a study of nearly 600 C-suite executives globally, shows that cyber risks are prevalent. In fact, 98% of US executives — and 84% of executives in the rest of the world (ROW) — say that their organization has experienced one or more cyber incidents in the past year.
Among the top cyberthreats that concern executives are the “unintended actions of well-meaning employees” (US: 28%; ROW: 16%). These actions may make organizations more susceptible to ransomware attacks, phishing scams, and malware penetration. The data highlights that the C-suite is worried about cyber hygiene and culture, which have direct ties to cyber awareness in an organization.
The state of cyber awareness and training
Businesses of all sizes today have adopted multi-dimensional cyber-awareness training models and tools, and the need for cybersecurity and cyber awareness has increasingly become established within the organizational gene. Large-scale programs — including tailored awareness sessions, quizzes, gamification, and simulation training — are regularly conducted within many organizations.
However, organizations often measure their cyber awareness maturity based on what was a poor state of awareness in the past. This is an inadequate benchmark, as the march toward true maturity, by industry standards, is based on the time, money, and resources that organizations devote to cyber awareness — and on progress made through prioritization.
Some recommendations for cybersecurity awareness and effectiveness measurement include:
Addressing risk by empowering people
Cybersecurity and cyber awareness training is a journey of evolution. People are an integral part of it, and our behavior dictates how the data that we relate to is protected.
When we think of the people-process-technology triad, the best of technology and process can be crippled without the right people in place. In contrast, people — across all rungs of the organizational hierarchy — can work most productively and effectively when they are given the right tools to raise awareness of how to secure the data they work with every day. Ultimately, awareness comes when organizations take holistic, comprehensive, and measurable initiatives to become “cyber-safe.”
Runa Dalal | Director | rudalal@deloitte.com