Employees as a Risk Factor for Cybersecurity

Cyber Sicherheit primärer Risikofaktor: Das Netzwerk der Mitarbeitenden.

and how training and awareness can help prevent it

McKinsey sees insider threats as one of cybersecurity's biggest problems. According to a study, they cause about 50% of incidents, with serious financial consequences for the companies concerned.
There are two types of insider threats: negligent (accounting for approximately 44% of cases) and malicious intent. In order to recognise and counteract negligent behaviour, McKinsey recommends various actions, including:

  • Micro-segmentation: Define high-risk areas and employee segments that have the greatest potential for harm. Work on measures to be taken. This helps to better understand and identify risks and to develop action plans for specific groups of employees.
  • Culture change: In addition to basic training, employees must be trained in cyber security as part of the corporate culture. For example, regular and targeted intervention campaigns are a good idea for improving understanding and learning. The behaviour and attitude of the employees are measured, and action strategies are developed based on this.

The NZZ also recommends targeted training of employees in order to promote awareness of risks and correct behaviour. Employee surveys, for example, make it easier to identify risk groups and develop appropriate measures. By changing the corporate culture, malicious and negligent incidents become less common and the company becomes proactive rather than reactive.

We would be delighted to advise you on how to implement the solutions proposed here.

Stay up to date with our newsletter and blog subscription:

Thank you for subscribing to the newsletter.
Something went wrong while submitting the form.

Newsletter

Stay up to date with our newsletter and blog subscription:

Thank you for subscribing to the newsletter.
Something went wrong while submitting the form.

Search

Search our website:

Related articles

TreeSolution Consulting GmbH becomes TreeSolution Security Awareness AG

TreeSolution Consulting GmbH is now called TreeSolution Security Awareness AG. The name change reflects our many years of experience and expertise in the field of information security and awareness. What does this mean for our clients and partners? Read more in this article.

...

The NCSC Semi-Annual Report 2022/2 is here!

The National Cyber Security Center NCSC has published the second semi-annual report for 2022: Information Assurance - Situation in Switzerland and Internationally. A brief overview. What is important for prevention?

...

Expert Talk - The TreeSolution service: IT security in companies and employee behavior

There are many providers on the market who train employees in IT security. Dr. Thomas Schlienger, security awareness pioneer and founder of TreeSolution Consulting GmbH, is one of them. In this interview, he talks about what to look for when selecting a service provider, what is needed for optimal training, how TreeSolution's offering differs from the competition, and much more.

...

All articles
TreeSolution Security Awareness AG
www.treesolution.com
+41 58 510 98 00
info@treesolution.com
+603 4149 8128
info-apac@treesolution.com
Information
Home
About us
Publications & Talks (PDF)
Partner Program
Case Studies
Downloads
Blog
Contact
Privacy Terms
General Terms and Conditions (GTC)
Solutions
Security Awareness
Awareness Strategy
Security Awareness Measurement
E-Learning
Awareness Campaigns
Phishing Training Service
Chatbot Training Service
Become a member
Security Awareness Club
Social Media
Subscribe to our Newsletter
TreeSolution LinkedIn Profile
TreeSolution YouTube Channel
In order to be able to optimally design and improve our website for you, we use cookies. By continuing to use the website, you agree to the use of cookies. For more information about cookies, please read our Privacy Terms.
Close