Metanav

Three Reasons Why Organizations Don’t Take Cyber Security Seriously Enough

Three Reasons Why Organizations Don't Take Cyber Security Seriously Enough from IEEEThe risk of cyber attack regularly increases in frequency and danger. Every day, it seems, there is another news article about the next attack, which is creating a great deal of concern in organizations large and small. Yet cyber security as a whole continues to be underfunded by many organizations. Why?

One reason is that it can be difficult to predict the likelihood of a cyber attack succeeding, as well as the the extent of potential losses. As Alex Blau (2017) discusses in his article in the Harvard Business Review, decision makers must use their judgment to estimate how much to invest in cyber security, but some decision makers may rely on the wrong models when considering where and how much to invest. Here are three of the reasons he shares that explain why decision makers within organizations often don’t take cyber security seriously enough:

  1. They envision cyber security as a kind of fortification process in which strong firewalls and astute watchmen will allow them to see threats from afar.
  2. They assume that complying with a security framework like NIST or FISMA is sufficient security.
  3. They haven’t had a security breach recently, so what doesn’t seem broken doesn’t need to be fixed.

According to Blau, “The problem with these mental models is that they treat cybersecurity as a finite problem that can be solved, rather than as the ongoing process that it is.” He suggests that cybersecurity efforts should focus on risk management instead of risk mitigation. Every organization needs an ongoing plan in place to protect against the likelihood of cyber attack, which can cost millions, and even put you out of business.

How prepared is your organization to defend against cyber attack? If you’re interested in bolstering your cyber security skillset to better protect your organization from potential threats, check out IEEE’s latest course program, Cyber Security Tools for Today’s Environment.

Reference:

Blau, A. (2017, June 7). The behavioral economics of why executives underinvest in cybersecurity. Harvard Business Review.

, , , ,

4 Responses to Three Reasons Why Organizations Don’t Take Cyber Security Seriously Enough

  1. Emily C. Wright December 12, 2020 at 2:20 am #

    Really like these new tips, which I haven’t heard of before, like the SUBHEAD. Can’t wait to implement some of these ASAP

  2. sandipan mukherjee December 22, 2020 at 2:16 am #

    Yes you are right…Nowadays, businesses are getting more digitized and competitive than ever. Most of the transactions are now online and preferred over papers and pens and emails are prioritized over slow mails.

    Thanks to Globalization and Digitalization, businesses are now digitized, and breathes in a connected ecosystem – so do threats. Due to the digitalized and interconnected ecosystem, the companies are more vulnerable to cyber threats which makes cybersecurity an essential component. So, let’s go ahead and check out the top 5 benefits of cybersecurity services:

  3. Cyber Radar Universtiy January 15, 2021 at 3:56 pm #

    There are several high-profile cyber-attack examples that have gone up to more than half a million dollars. And the worst part is that these known examples are just the tip of the iceberg, there are also several data breaches that resulted in more than this amount but were not disclosed to the public due to brand image maintenance and people’s trust.

  4. samie August 16, 2021 at 7:22 am #

    Cybersecurity still isn’t taken as seriously as it should be by boardroom executives – and that’s leaving organisations open to cyber attacks, data breaches and ransomware, the new boss of the National Cyber Security Centre (NCSC) has warned.

Leave a Reply