Cybersecurity is the fastest developing risk for workplaces globally, and it already represents a major and costly threat. The average cost of a data breach in the United States in 2022 was $9.44 million, according to IBM data. It's also growing, currently at $8.4 trillion globally for 2022, Statista projects that the cost of cybercrime will reach $23.8 trillion in 2027. Cybercrime costs include damage and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack disruption to the normal course of business, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
Workplaces are trying mightily to protect their systems against this threat. There are many typical measures that workplaces take to protect against cyberattacks: training employees on safer behaviors, providing tools and software that can increase security, and implementing physical and digital barriers that protect information and places.
Problem is, no matter how much work and money and time goes into these measures, employees may or may not use them. Most successful attacks happen at workplaces where all of the above measures are in place to some extent. But the attacks succeed because an employee fails to do the right thing. No security measure works if employees click on suspicious emails, bypass their own security software, or hold digital or physical doors open for strangers. As Keri Pearlson, executive director of Cybersecurity at MIT Sloan explains, "we need a culture of cybersecurity because you can’t tell everyone everything they need to do. You need them to understand that organizational safety is part of what they need to do in today’s world."
So, information security is about getting employees to make the right choices. To make the right choices, people have to care about information security. "Care" means that someone feels concern or interest, or attaches importance to something. If a workplace can get employees to be concerned and interested in helping with information security--if employees see it as important--then the company can drastically improve its protection against cyberattacks.
Having employees who care only happens in a workplace with a culture of care. It's only possible when the workplace has a well-developed sense of purpose and belonging. Employees who are going to work just for a paycheck don't really care if something bad happens to their company--they can just go work somewhere else.
But when employees are dedicated and enthusiastic about their workplace and its purpose, they care. If they have the information and tools to make safe choices, they are going to stop and think about protecting their workplace, its employees, and its customers. They'll stop before they click on a suspicious link. They'll choose strong passwords and set up two-factor authentication. They'll close the door behind them, physically and digitally.
How do we get employees like this? It's a culture that is created intentionally and developed over time. Some of the core requirements for a culture of care are:
Having a caring, dedicated workplace culture is the bedrock of having a cybersecurity culture. When employees love where they work, they'll be careful to protect it.
Want to know more about building a culture of care? Take the first step and get our Smart Survey for your workplace. From there, Amazing workplace can provide help you build a happy, cyber-secure, workplace culture.
TM & (C) Amazing Workplace, Inc. Have questions? Contact firstname.lastname@example.org.