Traditional approaches focused merely on raising awareness of cybersecurity threats are ineffective in reducing an organization’s cybersecurity risk levels. Increased speed and convenience (a perception that business needs outweigh the risk) and experiencing no adverse consequences for their actions are the most common reasons why employees engage in unsecure behaviors.
CISOs seeking to reduce the negative impact of human behavior on their cybersecurity risks levels should:
- Prepare to radically recast their approach to foster behavior changes.
- Plan a long-term program.
- Leverage the Gartner PIPE (practices, influences, platforms and enablers) Framework.
- Use behavior-centric, outcome-driven metrics.
Complete the form to get your copy of the research.