When I read about the latest cyber attack in the press I wonder how the ordinary person in the street is responding to the same story. Do they feel interested or intrigued? Do they want to understand more? Do they feel that they have a part to play? I suspect most don’t but instead believe it’s all part of a spooky, secret world of geeks and hi-tech language.
Our most precious information assets that drive our economic innovation and growth are under attack and the reality is that the majority of cyber attacks are successful because of the unwitting actions of one of us. Any one of us. Conversely, however, we’re not all involved in helping to tackle the threat. Companies have typically focused their cyber security effort, resources and budget on technology when we need a multi-disciplinary approach that places people at the heart of a strategy. We all need to be involved - everyone in an organization from the boardroom to the doorman, as well as our ecosystem of partners and suppliers.
But there’s a problem when it comes to the language typically used to discuss cyber.
All too often we read about ‘cyber warfare’, ‘cyber spies’, ‘cyber terrorism’ or many other terms that only mystify the problem and position it in the realm of the technologist or the intelligence community.
It’s not just the media. The way in which cyber risks are discussed and debated inside organizations also helps to distance most of us from understanding how we can play a part - this goes for members of the Board as much as anyone. I would suggest that the prevalent cyber vernacular is actually counter-productive in combating cyber threats.
What we need is a simpler language and simpler means to communicate the issue and prompt the question: “What’s my role in this and how can I help?” Cyber-attacks are growing in scale and impact and so it’s becoming more important that we all have the insight and confidence to discuss and be involved in improving our cyber resilience.
For organizations to take the necessary steps to improve their cyber resilience, they need to adopt a new way to communicate that engages everyone. This means:
- Bringing to life the risks by using plain English that links dramatic stories to business strategy and the impacts and consequences of different behaviours. As an example to illustrate the risks and impact of cyber-attack in a memorable and compelling way for a Board, AXELOS has commissioned a fictional story based on real-life events to show what a cyber-attack can do to an organization. The story is intended to communicate not only the financial and reputational damage of an attack but also the emotional and personal impacts a successful cyber attack can have on a company and its people.
- Using stories and the latest communication channels and media to illustrate what “good” and “bad” look like in ways that engage staff. Training for all your people needs to be immersive, fun and challenging when, all too often, it’s dull and disengaging. Better, on-going learning will get people actively involved in developing their own ideas in ways that work best for them.
- Helping to make cyber risk relevant to all of us and something that everyone feels connected to. We need to build an environment where we’re all happy to openly discuss and share our own concerns and experiences, to report incidents and to suggest creative ideas for building awareness. The goal - to help keep the value of our business, in our business.