Proactive cybersecurity must be a shared responsibility across an organization.

Cyber risk no longer falls on the IT Department; re-thinking cyber risk provides an opportunity to design a cybersecurity program that entices investors, empowers employees, and satisfies regulators.

Shift Your Risk Mindset: The Human Element

The risk mindset of cybersecurity falling on the shoulders of the IT department does not translate to the digital era we live in today – everyone is responsible. Firms must adopt a risk mindset that threats are ubiquitous, beginning with company leadership.

Culture (including cybersecurity investment) is driven from the top. Corporate leadership must elevate cybersecurity as a top priority and get on board to provide employees with the tools to build knowledge, implement security best practices, and address risks appropriately.

Inspire Ownership: The Onus is on All Employees

Employees must understand how significant cybersecurity is to your bottom line and reputation. Furthermore, they should serve as the organization’s first line of defense against cyber threats. But how do you inspire employees to take ownership of security?

Share the Bigger Vision: Transparent communication company-wide is critical to building a foundation of trust and clarity. Explain the bigger picture and how your cybersecurity culture fits into that goal.

Foster Collaboration: Involve employees in the conversation. Welcome their observations and insights; employee voice creates representation and untold ownership.

Instill Awareness and Cybersecurity Intelligence through Robust Tools

With the proper culture and training, companies empower their staff with the tools to identify and escalate risks, as appropriate. Mock phishing, discussion forums, and specific training all drive cyber intelligence, but the approach must be unique to your organization. However, in considering your best fit, remember that refreshers or continued education on threats, risks, mitigation, and remediation is necessary for success.

A leadership-demonstrated cybersecurity approach is much stronger than siloed cyber management!

Performance Reporting to Hone Skills

Staff should be tested on phishing campaigns, and their performance must be evaluated and reported on. Based on reporting metrics, companies should offer to re-educate those employees who require additional training. When evaluating cybersecurity solutions, consider an IT Partner that provides on-demand, interactive employee education modules to engage users and ensure accessibility.

Enhancing cybersecurity skills and infusing secure behavior helps mitigate the risk of a data breach or other cybersecurity-related incident, protects sensitive business information, and safeguards customer data.

Celebrate Success

Celebrate those who champion your cyber culture. Take the time to acknowledge staff one-on-one. Express your appreciation for their commitment and, potentially, offer the reward of progressing their professional development with additional responsibility. If cybersecurity proves to be an area of employee interest, provide opportunities for continued education and advancement (every corporation needs dynamic cybersecurity champions).

Reinstate your company’s commitment to security excellence and foster a culture of cybersecurity!

To keep pace with the evolving threats and regulatory landscapes, organizations must strengthen and grow their approach to cybersecurity risk management. Creating a company commitment to security excellence (from the top down) is not only necessary to business success, but differentiates your cybersecurity program as a revenue generator.


Dana Pickett is the former Edwards Principal of Cybersecurity and CISO. He is experienced in managing programs with a focus on both business and technical risk management for cybersecurity, audit, and privacy/compliance with diverse requirements. As a member of various task forces for industry and state government cybersecurity, risk management, and compliance initiatives, Dana has proven to be effective in communicating with executive management, various senior executive boards and councils, and Audit Committees to achieve sponsorship and governance.