As the rate of cybersecurity breaches continues to increase, especially against mid-market organizations, companies are beginning to recognize that an important part of mitigating the risk of breaches is continued user education. Unfortunately, internal stakeholders (and even some vendors) believe that a solution to bridging the cybersecurity knowledge gap starts and ends with quarterly or (gulp) annual emails/newsletters that attempt to educate their employees on safe online conduct. Such exercises are largely ineffective because leaders do not understand the underlying root cause of their users’ poor understanding: the lack of prioritization of cybersecurity at the board level and C-suite.
For far too many years, the widening knowledge gap has been used as an excuse (by the C-suite and IT professionals alike) for lackluster cybersecurity practices. The gap continues to grow with the increasing complexity of cybersecurity threats and solutions. Leaders preferred that people stick to their “day job” and master their own domains. In the rare instances that any form of cybersecurity and best practices education was given, it was typically superficial, acute, sporadic, and random. It was (and remains) often ignored at the senior levels. However, with more than 50% of SMBs due to experience a cyber attack in 2019, and negligent employees being the #1 root cause behind data breaches across North America according to the latest Ponemon report, the mere existence of a cybersecurity knowledge gap is no longer an acceptable excuse for organizations that experience a data security breach.