How to Build a Culture of Cyber Awareness
Everyone working for an organization is responsible for building a culture of cyber resilience.
Key Takeaways
- When it comes to cyber security, employees are an organization’s greatest asset and often its weakest link.
- Hybrid work environments mean that managers need to reinforce basic security principles and data protection.
- Executives are encouraged to take ownership of the cyber-security basics as well as prioritize threat assessments and data management strategies.
Simple training courses are no longer enough to build cyber resilience within an organization. To keep up with the increasing frequency, sophistication and severity of cyber attacks, companies should establish a culture of cyber awareness that extends to every level of the organization.
Kate Kuehn, cyber trust leader for Aon’s Cyber Solutions group, shares her ideas on how companies can work to build a culture of cyber awareness.
How critical is employee awareness and understanding to the overall cyber security strategy?
Kate Kuehn: When it comes to cyber security, employees are a company’s greatest asset and often its weakest link. Organizations should assess not only how they train employees but also how they’re raising awareness of the importance of that training. It’s that maturity of understanding that can make a difference in establishing effective cyber awareness. A good cyber culture helps protect organizations. A poor cyber culture often becomes the Achilles’ heel.
How is hybrid work affecting people’s cyber awareness?
Kate Kuehn: Employers are more reliant on hybrid work environments and technology than they’ve ever been. There used to be one set of rules for the office and one set of rules for travel, and everyone understood those boundaries. Now, we have the home, the office, travel and anywhere else someone might work.
But it’s still important to take the time to underscore basic security principles and best practices. Security is not just bricks and mortar anymore. Security is now primarily about data. We need to make sure people know what they are doing when they are accessing and interacting with data so they know how to keep that data secure.
You mentioned that cyber security is everyone’s responsibility. How should executives think about cyber security?
Kate Kuehn: When working with clients and their executive teams, I frequently encounter a mindset of “hear no evil, see no evil, speak no evil” when it comes to cyber security. Executives often feel like they don’t have to address what they don’t know. That mindset is going to be an increasingly perilous way to address cyber security, not just as cyber attacks become more damaging but also as new regulations are passed. From an executive perspective, cyber security is not a question of “Should I know?” It’s a question of “What should I know?”
It’s key for executives to have a good understanding of what solid cyber maturity looks like and how the organization is maintaining at least a base level of compliance. Whether you’re the CHRO charged with understanding how humans are being impacted by the culture and the data they’re accessing, the CFO examining the financial impact of an operational attack or a leader in any other role, you are responsible for cyber security. That doesn’t mean you have to suddenly become an expert on phishing versus smishing versus whaling, but you have to at least understand the basics to help keep your part of the organization compliant and safe.
In terms of backup security and recovery, what’s the best approach: to go step by step or to define an enterprise-wide strategy?
Kate Kuehn: It should absolutely take incremental steps. It’s similar to the approach we recommend with the Zero Trust model. You can’t boil the ocean and do Zero Trust everywhere; you have to start small. The same is true with a backup strategy.
We’re seeing a significant rise again in unrecoverable ransomware. That makes backup strategies much more critical, because otherwise you may never get your data back. Given that you can’t back up everything, the executive team should work together to identify and help secure the crown jewels identified as critical for recovery. After that, it’s a question of prioritizing what’s most important. Start with those assets that keep the heartbeat of the organization going and branch out from there.
What further steps should leaders take to ensure they stay up to date on cyber awareness?
Kate Kuehn: The problem with cyber security is no matter how much money an organization spends on it, things still might fall through the cracks. Because of that, we recommend that organizations look to start with what is most basic and important and move out from there. One of the first moves is to make sure every executive has gone through a corporate threat assessment. Identify what is being said about key executives on the dark web, what the chatter is about the company or what external geopolitical, geographical or industry-specific threats the company is potentially facing.
Another step is to conduct an adversary simulation. Figure out what would happen if you were attacked in different types of scenarios. Every executive should know their role and what the organization needs them to do in response to the attack. That’s sometimes the hardest thing. Have a process in place that people can trust.
A corporate threat assessment and adversary simulation can help guide an organization on where to focus attention. Once you identify the top two or three critical threats, you can begin to build a road map based on those. Organizations shouldn’t just arbitrarily start building a plan on ransomware or phishing. If they have a better understanding of where to point the arrows, they can design and help execute a more robust cyber security plan.
Read more about the top cyber threats in the 2023 Cyber Resilience Report