March 1, 2018

How can NZ CEOs implement a cybersecurity culture from the top?

By 2021, Cybersecurity Ventures predicts cyberattacks will cost the world US$6 trillion annually.

We've already seen the tangible effects of such attacks on big business. Just last year, credit reporting agency Equifax was hit by a data breach that compromised the security of more than 145 million customers (nearly half the U.S. population). The firm has suffered huge economic losses as a result, not to mention the hit in customer trust and loyalty that it's sustained. 

With cybercrime so widespread, it's clear that companies aren't investing enough time or money in creating a culture of cybersecurity at all levels of their organisation. And yet, 91 per cent of New Zealand's CEOs said they were worried about cyberattacks, PwC reports.

Cybersecurity needs to be implemented from the top – how can CEOs and execs encourage a culture of cybersecurity in their Kiwi business? 

1) Create a mandatory cyber awareness programme

Your employees are your number one defence against a cyberattack. However, they're also your number one vulnerability. In fact, IBM reports that human error contributes to over 95 per cent of all successful cyberattacks. 

The key to improving your security, therefore, is to increase employee awareness of the nature of these threats. Create a mandatory cybersecurity programme that teaches employees about cyberattacks, the ways in which they commonly occur, and the protocol for reporting suspicious activity (especially emails and other phishing attempts) at your company. 

2) Make it engaging

Gamification is the new buzzword in cybersecurity. It's the process of turning learning about cyberattacks into a game. PwC, for example, offers a game of threats activity that helps employees at all levels learn about hacks. It involves pitting one team of employees (the attackers) against another team (the defenders) to see whether they can successfully breach or defend their company's cybersecurity. 

This is a highly engaging way to teach people about some often rather abstract concepts, and is great for older employees who may not yet have their heads around the nature of cyberattacks. 

3) Reward employees

To underpin this awareness, introduce a rewards programme for cybersecurity. Cash prizes or some other incentive for those who report suspicious emails is an excellent way to encourage people who may otherwise see it as a fairly low-down priority. 

Creating a culture of cybersecurity is not something that will happen organically. You have to implement it from the top if you really want to see your employees get on board. 

Are you looking for a new role? One where you can really make a difference at a company? The executive recruitment experts at JacksonStone can help. Contact us today for more information.