Deutsch
free
whitepaper
How to change security behaviour
XDOWNLOAD

Employees as a Risk Factor for Cybersecurity

and how training and awareness can help prevent it

McKinsey sees insider threats as one of cybersecurity's biggest problems. According to a study, they cause about 50% of incidents, with serious financial consequences for the companies concerned.
There are two types of insider threats: negligent (accounting for approximately 44% of cases) and malicious intent. In order to recognise and counteract negligent behaviour, McKinsey recommends various actions, including:

  • Micro-segmentation: Define high-risk areas and employee segments that have the greatest potential for harm. Work on measures to be taken. This helps to better understand and identify risks and to develop action plans for specific groups of employees.
  • Culture change: In addition to basic training, employees must be trained in cyber security as part of the corporate culture. For example, regular and targeted intervention campaigns are a good idea for improving understanding and learning. The behaviour and attitude of the employees are measured, and action strategies are developed based on this.

The NZZ also recommends targeted training of employees in order to promote awareness of risks and correct behaviour. Employee surveys, for example, make it easier to identify risk groups and develop appropriate measures. By changing the corporate culture, malicious and negligent incidents become less common and the company becomes proactive rather than reactive.

We would be delighted to advise you on how to implement the solutions proposed here.