
Top 10 Reasons to Invest in the Human Element of Cybersecurity



By Dan Waddell February 16, 2016


Dan Waddell is (ISC)2 managing director, North America Region, and director of U.S. government affairs.

Today’s investment world can be described as tumultuous at best. In fact, I have actually heard the word “devastating” used on more than one occasion by a news reporter describing Wall Street’s performance over the past several weeks.

The good news is that there is a timely and lucrative investment opportunity available to those of us in the cybersecurity profession. There is no downside and no risk, and the return on investment is guaranteed to impact every area of our lives, from our finances to our jobs to our children’s future. Whether you are an executive, a middle manager, a practitioner or student, there is no better time than the present to invest in the “human element of cybersecurity.” Here are 10 reasons why:

People are more suited to changing culture and aligning cyber budgets to business needs: As compared to five years ago when cyberthreats were just starting to seriously threaten the bottom line of our nation’s economy, corporate executives and government leaders are now more open to growing their organization’s security team.

(ISC)2’s Philip Casesa, director of product development and portfolio management, says it best in a recent article, “If CISOs can tie the need for resources and people directly into something that the organization is trying to accomplish -- such as gaining revenue, launching new products or services, or showing how security is protecting it from theft of intellectual property or customers’ personal identification information -- they have an argument that senior management can’t ignore.”

Training lowers corporate risk: Advancing an organization’s security agenda no longer rests upon educating its cyber workforce; rather, its entire workforce must be educated in cyber. Research shows that increasing cybersecurity awareness training can reduce corporate security risk by up to 70 percent.

Additional benefit to offer prospective employees: The cyber workforce of the future will not resemble the workforce of the past, or even of the present. The extreme shortage of qualified professionals, the demand for specialized training, the silver tsunami and the focus on managing risk is reshaping the role of the cyber practitioner. Organizations that cater to this changing role by offering education, training and certification in emerging areas of career growth will attract the best and the brightest.

Improves employee retention: According to the (ISC)2 2015 Global Information Security Workforce Study, the top two initiatives for retaining security professionals are training related. Interestingly, “improving compensation” falls third on the list. In other words, training ranks higher on the scale of importance than salary when building employee satisfaction and retention. That speaks volumes for the importance of training.

Marketplace differentiator: A rise in vulnerabilities and costly breaches inevitably will reveal a security organization operating at a deficit of skilled cybersecurity talent, the devastation of which filters through the organization down to its very consumers/customers. Assuring customers that your organization is well-staffed with qualified security personnel -- and as a result provides a safer user experience -- sets you apart from other organizations.

Build customer trust: High-profile breaches have created an elevated sense of fear and have diminished citizen trust. More and more, citizens are determining their level of engagement online by the cyber profile of the organization. Hiring top cybersecurity talent and dedicating increased funding for training helps to regain citizen trust.

A powerful tool in the hands of a poorly trained operator is a dangerous concept: The classic knee-jerk reaction to any cyberincident is to buy a complex tool that can either prevent the next incident or mitigate prior ones. But equally important to having an effective tool is having a trained staff in place to safely use it.

Majority of breaches are caused by human error: With evidence that the majority of breaches are caused by human error, leaders are realizing people can be their organization’s greatest cybersecurity asset or greatest liability.  

Enterprisewide training programs foster collaboration and communication: Protecting digital assets was -- and remains now -- uncharted territory. It is an undertaking best achieved when experts in the field connect, collaborate and contribute. Enterprisewide training programs that cut across departments (IT, finance, HR, legal, etc.) increase cyber risk collaboration and communication, helping to prevent a cyberincident from becoming a breach.

The “human” factor should be driving a “people patching” culture: Equal in significance to the best practices of software patching, vulnerability scanning or password management, is the ongoing nurturing of human awareness and vigilance through training, education and certification. Regular “people patching” must become a standard mindset.

For those of us long-term investors who have recently cringed at the arrival of our 401K statements in the mail, it’s time for a surge of internal fortitude and to refocus our attention on what we can be doing to nurture our human assets. Organizations must prioritize people if they are to see a greater return on their cybersecurity investment. While there is clearly a shortage of skilled cybersecurity professionals, there is an abundance of opportunity to invest in the human element – in many different ways at many different levels.
