"Human Error" in Cyber Security - It's not what you think!

It's a constant message in cyber security - companies are being breached, and they blame "human error" for about 90% of those breaches. The core question is, where exactly is the human error? Is it the staff member that was tricked, or does responsibility lie somewhere else?

I'm going to dissect this with 4 scenarios:

1. I own a courier company, I employ a new driver, and I just stick them behind the wheel.
✪ In cyber security this is equivalent to letting someone operate a computer without any awareness training. Good luck: you have no idea what they will click on, what information they will give out, etc.

2. I employ a new driver, but I check that they have a current driver's license.
✪ For me that's equivalent to a compliance program of cyber security awareness. i.e. "tick a box, they've got the minimum".

3. Now what if I send them on a defensive driving course?
✪ For me that's equivalent to using engaging cyber security awareness training.

4. Now I realise that the person being the best driver they can be will reap rewards for my business. They crash far less, and that saves downtime, insurance, repair costs, reputation. So I run a constant refresher program. We talk about current road rules, new road rules, have a slogan, do standup chats about near misses and how we handled it, and regular assessments on knowledge. It's all done in a fun and engaging way.
✪ For me that's equivalent to cyber security cultural change. i.e. embedding awareness into the culture of the organisation so people are constantly suspicious and thinking about scams.

So what's human error?

As an employer doing number 3 or 4, you won't have many issues. Sure, there will be the occasional hiccup, but not enough to make it into the news.

But if you're doing number 1 and 2, you'll be getting mistakes, potentially lots of them, and you may call that human error. But who employed them? Who failed to assess how competent they were? Who failed to provide them with the skills and knowledge they needed to do the job? Who failed to continue to nurture them, and keep them at the top of their game?

That's the human error. You can't get the best out of people, if you don't help them to be the best they can be!

