1. Culture eats strategy for breakfast
As Peter Drucker wisely suggested, while devising the best possible strategy is always important, its execution will not succeed if the right culture isn’t in place to support it. This is as true in cybersecurity as in any other area of business – a cybersecurity strategy needs a strong security culture to succeed.
2. The human layer is the most vulnerable
At least 74% of cyber security breaches involve the human element – such as social engineering and phishing, weak passwords and the improper storage or sharing of data – meaning hackers exploit our very humanness in order to gain access to systems.
3. Cyber threats are costly
In case a reminder is in order, hackers are in it for the money. The average cost of a cyber breach in 2023 was around $4.5M, however in some cases it can be much higher. One of this year’s costliest breaches was the $100 million MGM Hotel cyberattack. This attack reportedly started with ’vishing’ – an attacker calling the IT helpdesk and impersonating an employee based on information found on LinkedIn.
4. How can culture impact risk?
People largely aim to act according to the norms of their culture. In a healthy cybersecurity culture, employees are engaged and willing to learn how to protect themselves and their company, as well as vigilant and able to apply their learnings, for instance when it comes to reporting anything suspicious through the right channels.
5. Creating positive security culture
Yes, cybersecurity is a serious topic. However, if we want people across the board to truly engage with it, we need to make it fun, approachable, and personally relevant. Establishing a psychologically safe environment where mistakes are not penalised is paramount. The resulting sharing and reporting of threats – as well as any mistakes that may have been made – contributes to building resilience against cyberattacks. That is why Hoxhunt's approach involves individualised learning paths, frequent sessions, gamification, and positive reinforcement.