How can businesses ensure their culture aligns with cybersecurity risk management?

Cybersecurity risk management is vital for businesses. But how can organisations ensure their employees do everything they can to protect networks and data from unauthorised access, theft, and damage? Rick Lemieux, Executive Director at DVMS Institute, explains.

Why is cybersecurity risk management critical to businesses?

Cybersecurity risk management is vital for businesses because it protects their digital systems, networks, and data from unauthorised access, theft, or damage. Some reasons why cybersecurity is essential to businesses include:

  • Customer trust

Customers are becoming more aware of the importance of protecting their data, and research shows that up to 40% of online shoppers may abandon a transaction if they suspect a website’s security is questionable.

  • Data breaches

A security breach can result in the loss of confidential data, customers, and revenue. In some cases, it can even result in legal liability.

  • Legal obligations

Businesses must comply with cybersecurity policies and procedures to meet regulatory and legal requirements. Failure to comply can result in legal penalties, regulatory fines, and reputational damage.

  • Productivity

A cyberattack can cause critical business hours to be lost, wasting employees’ time, energy, and ability. This ultimately leads to inefficiency, lower business productivity, and potential revenue loss.

  • Data backup

Regular data backups are essential for restoring a company’s systems and data in the event of a successful cybersecurity attack. If data is frequently backed up, it can be swiftly restored in the event of an attack, lessening the impact on the business and clients.

Who is responsible for cyber risk management in the workplace?

Today, cybersecurity is everyone’s responsibility, from the CEO to frontline employees. It requires a culture of awareness, accountability, and continuous learning to mitigate risks effectively and safeguard digital assets against emerging threats.

How can organisations ensure employees care about cybersecurity risk in the workplace?

One of the best ways to get employees to care about cybersecurity risk is to build a culture of innovation capable of identifying and mitigating cyber risk as part of day-to-day job routines. This entails creating a mindset in employees that the risk is real and that their daily actions impact that risk.

Cybersecurity culture is essential because it plays a vital role in an organisation’s ability to protect its digital business performance, resilience, and trust with its clients. It must be part of a broader corporate culture of day-to-day actions, encouraging employees to make thoughtful decisions that align with security policies.

Organisations unveil grand strategies and meticulously crafted blueprints for success. Yet, amidst the fanfare of vision statements and market analyses, Peter Drucker’s timeless adage whispers a crucial truth: “Culture eats strategy for breakfast.” Though deceptively simple, these five words provide a stark warning: no matter how superb the strategy, it can be undermined by human factors that are the invisible forces of organisational culture.

The question is, how can you evaluate organisational culture? Tools such as the DVMS Cybersecurity Cultural Assessment Tool can help organisations understand employee attitudes and perceptions towards cybersecurity with a comprehensive 67-question survey. Once responses have been collected, the organisation is scored against the known factors that drive positive culture.

Leadership can then use this data to build and implement a plan to realise its future cybersecurity – upskilling employees, reinforcing cyber resilience, and ensuring the company has standardised processes based on the NIST Cybersecurity Framework which comply with government regulations.

About the author

Rick Lemieux is Executive Director at DVMS Institute.

Publication date

15 July 2024

Any opinion expressed in this article is that of the author and the author alone, and does not necessarily represent that of The Gazette.