A recent survey conducted by Ipsos reported that more than half of all C-suite executives (C-Suites) (53%) and nearly 3 in 10 Small Business Owners (SBOs) (28%) who suffered a breach in 2019 identified human error or accidental loss by an external vendor/source as the cause of the data breach.
The fact that data breach incidents are occurring at an increasing pace should not come as a surprise. Regularly – and dare I say, on a daily basis – we are kept informed by the media about various security incidents across different organisations around the world. And the consequences of these incidents are extensive, covering legal, financial and reputational damage.
Never has it been more important for organisations to face this issue of cyber and information security head-on and to do so by addressing the root cause of the problem: PEOPLE!
In the infographic, we’ve shown how organisations have focused on technical defences against security incidents to the detriment of people-centric security solutions that are much more effective and urgently required. According to Gartner, in 2018 a significant 114 billion USD was spent on security defences, globally, with security awareness training for employees receiving one of the least investment at roughly 450 million USD. Little wonder why in that year, the average number of security breaches rose by 11 percent, with phishing – a type of social engineering – accounting for 90% of those data breaches.
Surely by now, it has been proven beyond reasonable doubt that investments in technical defences alone will not effectively solve the cybersecurity problem. We have to help our staff, help us defend the network by having a combined human centric and technical strategy. “Any cybersecurity strategy which doesn't employ security awareness and have it go hand in hand with technical defence components is a short-sighted, incomplete strategy.” Paige Adams, Chief Information Officer for Zurich Group.
So, as the threat landscape evolves and cyber criminals devise new methods of manipulating vulnerable people, training your employees on how to detect and respond to the cyber threats will deliver the best ROI in protecting your company from being a victim of cybercrime.