
In 2007, cyber responsibility was brought to public attention when HMRC sent two CDs containing the private data of 25 million UK citizens in the post - neither of which ever arrived at their destination.  

HMRC sent them again, and yet again the discs went missing.

Worse still, those CDs were unencrypted and have never been recovered. They could be in the hands of cybercriminals: criminals who now have access to your earnings, tax details, pensions, addresses, and phone numbers.

Cultivating a cyber-responsible culture- Conosco

Clearly, that’s an obvious case of a lack of cyber responsibility. But cyber responsibility also emphasises the shared commitment and accountability among employees, management, and IT teams to enhance systems, solutions, processes and practices to improve cybersecurity. It is the concept of joint responsibility that creates a robust and resilient defence against digital threats, fostering a safer digital environment for the organisation and its stakeholders.

It can never be a one-man battle. It requires the collective vigilance and commitment of individuals, organisations, and governments to protect sensitive data and prevent potentially catastrophic breaches like the HMRC incident.

 

The Cybersecurity Landscape

In 2023, 32% of small businesses suffered an attack. For medium businesses, this rose to 59%, and 69% for large businesses. This is an average 8% rise each

One of the primary drivers of this worsening situation is the expanding attack surface due to the proliferation of connected devices and digital services. The Internet of Things (IoT) has introduced countless vulnerable entry points for cybercriminals. Your TV, your doorbell, and even your fridge now connect to the internet. These gadgets often come with the security equivalent of a cardboard fort. This is a golden opportunity for cybercriminals, and they’re ready to attack, get into your network, or in the worst-case scenario – wreak havoc in your most critical sectors.

Furthermore, nation-state actors, organised crime groups, and hacktivists are becoming more adept at leveraging advanced tools and techniques, often with financial or political motivations. Criminals look for the easiest access point, so even if you aren’t their main target, they may use you as a launch pad to attack other businesses that are part of your broader supply chain.

Ransomware attacks, data breaches, and supply chain vulnerabilities are making headlines with alarming regularity. With the average cost of a data breach increasing year on year, currently at £4.5 million in the UK, businesses are beginning to see the importance of investing more in cybersecurity. However, online adversaries continue to adapt, which means businesses need to do the same, and that is why proactivity is needed.

 

Building a Cyber-Responsible Culture 

The key to fostering a cyber-responsible culture is collective responsibility.

Take, for example, opening a phishing email. The employee who clicks on the suspicious link or attachment is directly responsible for their actions. However, the responsibility also extends to the organisation's IT department and security team, who should have implemented effective training and security measures to prevent such incidents from occurring in the first place.

At its core, a cyber-responsible culture means that every member of the organisation acknowledges, understands and acts upon their role in maintaining cybersecurity and understands the gravity of their collective responsibility. This culture values open communication, transparency, and accountability, where employees feel empowered to speak up and share their concerns about potential security risks without fear of repercussions.

Employees are on the front lines, interacting with the digital systems and data that are potential targets for cyberattacks. They must be aware of cybersecurity best practices, such as recognising phishing attempts, using strong passwords, and practising data security. Leadership, on the other hand, is a part of the culture, but is also responsible for setting the tone, providing resources, and exemplifying the importance of cybersecurity. It's not just about top-down enforcement but demonstrating, supporting and enabling a commitment to a secure environment. 

One of the significant challenges to building a cyber-responsible work culture is the fear employees often have of repercussions when they raise concerns against their superiors. 

 

Accountability for All 

Conosco's approach aims to encourage open communication and the practice of "200% accountability". Employees are invited to speak up without fear of repercussions when they identify potential security issues or areas for improvement, even if it involves speaking up against a superior.

This accountability model acknowledges that no individual can be 100% responsible for all aspects of cybersecurity. Instead, the responsibility is distributed across the team, collectively contributing to a stronger and more secure digital environment. 200% accountability encourages every member of the organisation to take ownership of their role in protecting sensitive data and systems. This means not only being responsible for their own actions but also actively looking out for potential security risks and vulnerabilities in the larger context of the organisation.

Conosco promotes the use of Anonymous Security Reports (ASRs), a relatively new approach in cybersecurity methodologies that has already proven successful in some industries. ASRs allow employees to report security concerns anonymously, creating a safe environment where they can bring attention to issues that might otherwise go unaddressed. These reports are then collected and analysed, helping organisations triage and address the flagged risks effectively.

 

6 steps to a cyber-responsible culture

As cyber threats continue to evolve, organisations must proactively take steps to instil a cyber-responsible culture. By giving employees the confidence and empowerment to protect the company and your services, you can protect your assets and enhance the overall security posture.

1. Leadership Commitment: Start at the top. Leadership should demonstrate a genuine commitment to cybersecurity. This includes setting clear expectations and allocating necessary resources.

2. Education and Training: Invest in cybersecurity awareness programs and training for all employees. Ensure they can recognise phishing attempts, understand password hygiene, and grasp the basics of data security. Refresh this training regularly to keep staff on top of the latest cyber threats. Make sure it is part of employee onboarding, as well as the annual training for every person in the business.

3. Establish Cyber Policies: Develop clear, concise cybersecurity policies and procedures. Make sure they are accessible to all employees and regularly updated to reflect evolving threats.

4. Accountability: Promote the concept of "200% accountability". Encourage all employees to take ownership of cybersecurity. Make it a shared responsibility.

5. Encourage Reporting: Create a safe environment for employees to report security concerns. Consider implementing Anonymous Security Reports (ASRs) to remove the fear of repercussions.

6. Reward Cyber-Responsibility: Recognise and reward employees who actively contribute to cybersecurity efforts.

 

The Conosco Advantage

Creating a cyber-responsible culture is the cornerstone of a secure and resilient organisation. At Conosco, we're driven to build the tools and processes to make taking the first steps a breeze, meaning you can get to grips with safeguarding your data and maintaining trust with your stakeholders.

Our innovative approach, rooted in the principle of 200% accountability, provides the tools you need to empower your team and fortify your digital defences.

Take your first step towards cyber responsibility and reach out today for personalised guidance and solutions.