Most businesses believe that growing organizational complexity is exposing them to increased cyber risk. With ever-greater quantities of sensitive data being stored, new technologies like the Internet of Things (IoT) being adopted, and new cyber threats constantly emerging, companies need to incorporate organizational risk metrics into their overall risk posture assessment and cyber risk planning activities.
Employees are not following corporate security requirements because they perceive that following them will make them less productive. Employees also perceive these security policies as a hindrance to their ability to work in their preferred manner.
Human and cultural elements can further complicate matters, as employees may not fully abide by corporate security requirements due to the perception that adhering to them will reduce productivity. Employees may even personally view security policies as a hindrance to their ability to work in their preferred manner. A complete cyber risk strategy will incorporate measures that educate the entire workforce on why the benefits of strict adherence to policies outweigh the costs, thereby encouraging unanimous buy-in.