Cybersecurity affects every employee, from the executive team to marketing, sales, HR, etc. For this reason, cybersecurity should be everyone's responsibility. Cyrix found that 40% of employees believe that they assume no responsibility for securing information. This belief is why many organizations place the responsibility for cybersecurity on their IT departments' shoulders. That does make sense, as they are the tech experts who would most understand how to keep a business secure, but adequate security must be a companywide endeavor. Employees are at risk every time they log onto their computers, and as such, an organization should not rely solely on one team for security. Here are three reasons why I believe cybersecurity is everyone's responsibility.
1. Employees are Potential Targets. Employees within an organization engage in activities that put them at risk daily, whether they realize it or not. Coming across a questionable link while browsing or receiving a spam email can happen to anyone. Employees cannot avoid or help address what they do not understand and recognize. According to ThinkCSC, whether the potential risks are phishing emails, ransomware, out-of-date software, unapproved applications, or malware, employees must be taught to recognize and report suspicious activity. Sophisticated cyberattacks will also target employees who hold critical positions or represent particularly vulnerable areas of the organization, including the CEOs, CFOs, CIOs, etc. As such, everyone within the organization should be aware of and exercise cybersecurity.
2. Strengthens Defense in Depth. Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms is layered to protect valuable data and information. If one layer fails, another should step up immediately to thwart an attack. While technology plays a vital role on multiple levels, another essential layer of prevention is creating a security awareness culture across the organization. According to Heimerl, establishing a culture of security awareness within an organization is as much a mindset as it is a mode of operation. Everyone within an organization needs to adopt this new mindset to help reduce vulnerabilities as part of a collective effort and enforce Defense in Depth.
3. A cyber breach could affect everyone within an organization. A data breach's financial impact is undoubtedly one of the most immediate and hard-hitting consequences that organizations will have to deal with. Costs can include compensating affected customers, investigating the breach, setting up incident response efforts, legal fees, and investment in new security measures, not to mention the eye-watering regulatory penalties imposed for non-compliance with the GDPR, which could drive a business to bankruptcy. According to The National Cybersecurity Alliance, of 1,008 small businesses with up to 500 employees, after experiencing a data breach 10% went out of business, 25% had to file for bankruptcy, and 37% experienced a financial loss. Livelihoods could indeed be lost because of a breach, so everyone should protect their livelihoods.
Cybercrime is more organized and sophisticated than ever before, and as such, every person in every company, in every organization, is a security champion.