Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Impact
Culture
Possibility
Explore our work: what we do, how we do it, and the value we create for our clients.
Global Shifts
Empowered consumers
Healthier humans
Future organisations
Business for better
Safer societies
Sustainable world
Industries
Consumer and manufacturing
Defence and security
Energy and utilities
Financial services
Government and public sector
Health
Life sciences
Transport
Services
Set growth strategy
Build brands, products, and services
Reimagine AI, digital, and data
Improve organisational performance
Deliver complex programmes
Empower your people
Impact
Culture
Insight

People power: making your people an essential part of your cyber security strategy

Tags

Media reports on the cyber threat frequently cite high-profile, high-impact cyber attacks carried out by organised, sophisticated and deliberate cyber criminals. However, US and UK research¹ shows that the everyday behaviour of employees presents one of the greatest risks to your organisation and its customers.

The growth of social media, remote working and the use of personal devices – plus a ‘Generation Y/Millennial’ mind-set among younger employees that don’t value traditional control and formality – all combine to create new vulnerabilities in an organisation’s cyber defences. While technical defences are important, they have limited effect if they are undermined (albeit unintentionally) by employees who do not follow security policies either because they find them inconvenient or because they don’t understand why they are necessary.

The commitment of your people to protecting your organisation is an essential component of a strong cyber defence. This means a critical part of your cyber strategy must be to focus on the human aspects of your organisation – on developing a positive security culture that is grounded in employees’ attitudes, evident in the behaviours people exhibit (especially when no-one is looking) and which is reinforced by the actions of leaders.

So how can you develop an organisational culture that makes you more secure?

Create a culture based on trust not surveillance

Aim to ensure that security is owned and lived by all employees and not just a few experts in business risk and security functions. Stress the responsibility of the individual as well as the whole team for protecting critical assets and make no exceptions for leaders, who must act as role models by adopting required ways of working. Rather than increasing monitoring (CCTV, checking email etc) in response to a security breach, acknowledge what has happened openly and treat it as an opportunity to learn. Make it acceptable for employees to challenge colleagues directly when they see poor security behaviour (such as holding sensitive conversations in open locations), rather than encouraging employees to report on colleagues.

Frame security as a critical enabler

Encourage your people to view security not as something restrictive but as something that enables your organisation to deliver its promise to customers. Develop a compelling narrative that resonates with your employees and clearly demonstrates that by protecting information assets effectively your organisation proves itself worthy of the trust that customers, suppliers and partners place in it when they share personal or business data.

Think outside your immediate organisation

An effective security culture does not stop at your organisation's walls and physical boundaries. Take account of your employees’ approach to security both in the workplace and outside it. Identify ways in which you can involve your customers, suppliers, partners and contract staff (especially those you often overlook such as cleaners) to promote an integrated, end-to-end view of the ‘right things to do’. Be specific about the behaviours and specific ‘ways of working’ that make the most difference in securing your organisations critical assets.

Recognise and respond to new ways or working

Make it easy for people to do the right thing. Social media and working from home are normal behaviour that is here to stay. By recognising this, your organisation takes the first step to finding ways to enable employees to transfer information securely and protect customer data, and minimises the temptation for employees to find ‘work-arounds’ which make you more vulnerable to attack.

By investing resources and effort in your people and culture, your organisation can significantly improve its security and reduce the potential for a successful cyber attack.

¹ For example, research undertaken by the CERT® Insider Threat Center at Carnegie Mellon University.

Explore more

A young child playing with his toy astronaut
Insight

Launching a new narrative: How to solve UK space’s PR problem

The UK space industry has yet to fully convey its significance to the economy and society.
A young child playing with his toy astronaut
Backlit RAF Typhoon taxis out for takeoff
Insight

How can the aerospace, defence, and security industries collaborate to build a safer future?

Navigating the challenges of the modern world means forging new paths that deepen collaboration and accelerate innovation.
Backlit RAF Typhoon taxis out for takeoff
Military vehicle with soldiers driving
Insight

Keeping our Armed Forces safe by reimagining the defence supply chain 

A Q&A with the UK’s Ministry of Defence and Team Protect.
Military vehicle with soldiers driving
A digital word
Insight

Creating a safer world: Seven lessons from DSEI 2023

In an increasingly volatile world, we believe a positive human future must be underpinned by a world that is safe, secure and sustainable.
A digital word

Contact the team

We look forward to hearing from you.
Get in touch

Get actionable insight straight to your inbox via our monthly newsletter.