Once deemed a small part of businesses, cyber has now grown to be a key focus area for most organisations. During COVID-19 and beyond, the digitisation journey and remote working have taught us that for any business to thrive, building a “cyber-safe” environment is key.
Deloitte’s 2021 Future of Cyber Survey, a study of nearly 600 C-suite executives globally, shows that cyber risks are prevalent. In fact, 98% of US executives — and 84% of executives in the rest of the world (ROW) — say that their organisation has experienced one or more cyber incidents in the past year.
Among the top cyberthreats that concern executives are the “unintended actions of well-meaning employees” (US: 28%; ROW: 16%). These actions may make organisations more susceptible to ransomware attacks, phishing scams and malware penetration. The data highlights that the C-suite is worried about cyber hygiene and culture, which have direct ties to cyber awareness in an organisation.
The state of cyber awareness and training
Businesses of all sizes today have adopted multi-dimensional cyber-awareness training models and tools, and the need for cybersecurity and cyber awareness has increasingly become established within the organisational gene. Large-scale programmes — including tailored awareness sessions, quizzes, gamification and simulation training — are often regularly conducted within organisations.
However, organisations often measure their cyber awareness maturity based on what was a poor state of awareness in the past. This is an inadequate benchmark, as the march toward true maturity, by industry standards, is based on the time, money and resources that organisations devote to cyber awareness — and on progress made through prioritisation.
Some recommendations for cybersecurity awareness and effectiveness measurement include:
Addressing risk by empowering people
Cybersecurity and cyber awareness training is a journey of evolution. People are an integral part of it, and our behaviour dictates how the data that we relate to is protected.
When we think of the people-process-technology triad, the best of technology and process can get crippled without the right people in place. In contrast, people — across all rungs of the organisational hierarchy — can work most productively and effectively when they are given the right tools to raise awareness on how to secure the data they work with every day. Ultimately awareness comes when organisations take holistic, comprehensive and measurable initiatives to become “cyber-safe.”
Runa Dalal | Managing Director or Partner | emailto:rudalal@deloitte.com