Insights

/ Insights / Cybersecurity: We know the risks, but what about behavior change?

Free thinking from Grayling people

Cybersecurity: We know the risks, but what about behavior change?

10th November 2017


A recent report from National Cyber Security Alliance found that most Americans are more concerned about having their identity stolen than losing their main source of income. At the same time, according to the National Institute of Standards and Technology, six in 10 admitted to not changing their passwords regularly and reusing login credentials across multiple sites (security 101!).

As a communicator, this contradiction tells me a few things. First, that breaches like Equifax and Yahoo! are making consumers sit up and take notice. Second, that cybersecurity companies pumping millions of dollars into PR and advertising are actually getting through to the average American (phew!). But the third thing it tells me is the most concerning, namely that although the public understands the risks and knows what’s at stake, that for all the fearmongering, behavioral change isn’t happening.

Consumers – and businesses - are almost continually bombarded with commercials that tell them (I’m paraphrasing) “your security is at risk – buy our product!” This clearly isn’t working. To effect change, security companies must take a more constructive approach to their messaging. Think public education; think a collaborative approach to solving the hacking crisis. Point solutions and FUD just aren’t resonating.

At the enterprise level, driving action is even more difficult. According to PWC, the overwhelming number of security incidents are caused by employees, former employees or trusted contractors that are already inside your network. Given that the previously mentioned NCSA survey found that nearly all Americans were at least “somewhat concerned” about having their identity stolen, it’s hard to make an argument that the average office worker is unaware of the impact that a breach could have on their employer. Rather, it’s that they just don’t care.

At both the public and enterprise level, security companies are failing to achieve their number-one objective: to change behaviors. Sure, most Americans know they should be doing something to make their own identities and their employers’ data secure. But whether it’s that they’re overwhelmed with the choices presented to them, or that they simply believe that it won’t happen to them, they’re not taking precautionary measures.

Here’s my advice – stop selling just for a minute and start educating. Cybersecurity has the potential to be our next national crisis and it’s on us all to stem the bleeding before it’s too late.

Elliott Suthers is a Grayling senior vice president in San Francisco.


Grayling Team

Latest Insights

13th December 2018


Why you shouldn’t worry about Google’s next algorithm change

Alex Judd, GCore Business Director, explains why an honest, informed SEO strategy will always win in the long-term. It's a question I get asked a lot: "But what happens when Google changes its...

Read More

27th November 2018


UX Everything

Grayling’s CEO Middle East & Africa, Loretta Ahmed, on the importance of a well-designed user journey, in the latest post on our #6x19 trends forecast. The last Grayling trend for us to unveil is...

Read More

26th November 2018


The Future of Measurement and Evaluation

As AMEC Measurement Month 2018 draws to a close, Loretta Ahmed and Stephanie Stamatakou look ahead at what the future might hold. Please download the paper, and engage with the debate on Twitter,...

Read More