Embracing the human element in cybersecurity strategies
Addressing the silent adversary within
As the global landscape of cybersecurity evolves, it’s becoming increasingly apparent that human-centric designs are key in strengthening and optimising cybersecurity programmes. The narrative of cybersecurity has traditionally been one of technical measures and policies. However, an internal adversary has crept up unaddressed—burnout. With job-related stress factors and intense workloads, nearly half of cybersecurity leaders are predicted to change roles by 2025. Recognising and addressing this silent adversary is the first step towards creating a nurturing environment that focuses not just on the health of the cybersecurity systems, but also on the wellbeing of the teams that maintain them.
Empowering employees to safeguard the organisation
This focus should extend beyond the team, however, as humans are a significant source of security incidents. Often, it isn’t a super hacker deploying novel techniques that causes the problem, but rather inadvertent vulnerabilities created by the organisation’s own employees. Therefore, helping business leaders and employees to make threat-aware decisions is pivotal. By spotting risky behaviours early, organisations can take a proactive approach to minimise the risk, enhancing enterprise agility in the process. This goes beyond phishing tests and resilience to social engineering; it’s about elevating conversations to value propositions and business models.
The broadening scope of cybersecurity
Additionally, the mission of cybersecurity has expanded with the digital transformation of businesses. As many enterprises become digital end-to-end, the cybersecurity mission now encompasses protecting the entire value proposition. The return on investment for cybersecurity is the ability to be a digital business. A crucial aspect of this protection is understanding the balance between security controls and usability, thereby minimising cybersecurity-induced friction.
Understanding and reducing cybersecurity-induced friction
One such friction is the internal risk brought about by the increasing pace of change in organisations. The pressure to keep up with technological advancements and fast-paced release cycles often prompts employees to bypass security protocols in favour of speed and convenience. This behaviour increases the risk of security incidents, necessitating a stronger focus on managing insider risk. Implementing human-centric design in cybersecurity can go a long way towards reducing this friction. Cybersecurity leaders need to participate in the design phase and beta testing of tools and processes to understand the user experience and potential for risky workarounds.
Looking to the future: Cybersecurity and human-centric design
As we look to the future, the development of formal insider risk management programmes is likely to rise from the current 10% to 50% by 2025. It is also anticipated that by 2027, half of large-enterprise CISOs will adopt human-centric security design practices to maximise control adoption. However, while over 60% of organisations are predicted to embrace zero trust as a starting place for security by 2025, more than half may fail to realise the benefits due to poor strategic implementation.
The essential transformation of the industry
The evolving landscape of cybersecurity is no longer solely a game of technology and controls. It is about people and how they interact with, influence, and are influenced by these systems. By redoubling our focus on the human element and designing cybersecurity programmes accordingly, we can build more secure, resilient, and agile organisations. The human element is not just an aspect of cybersecurity. It is becoming the heart of it. A focus on human-centric design in cybersecurity is more than just a pivot—it’s an essential transformation for the industry.