Just because someone is aware of something does not mean they will participate in it. I have a quote that I came up with a few years ago and I often use, “there is no problem facing corporate America that is more widespread, more serious, and more fixable than cybersecurity.” And that quote is as true today as the first time I wrote about it.
So why is a problem that is so widespread and so serious only fixable but not fixed? There are several reasons for this but let’s start with the basic assumption that “it will not happen to me.”
Driving with Seatbelts
For many years cars came with seatbelts. Everyone knew they would keep you and your family safe in the event of a car crash. But adoption of seatbelts was minimal at best. They even put in passive restraint systems to augment seatbelts. It did not change many minds. Finally, the government mandated seatbelts and people now finally started wearing them.
There is no difference with cybersecurity. It is a known fact that you need to be actively protecting yourself from an attack on the internet. But many companies and employees do nothing about it. It is just like driving your car. I know I am going to drive my car without a seatbelt on, I know I could get in a crash and potentially die. But I am not really going to do anything about it because it will not happen to me. Cybersecurity participation is like this but even more so.
From Awareness to Action
So how do we get from awareness to participation? How do we get people to act? Well, there are several ways. One used frequently by cybersecurity vendors is fear. Fear is a powerful motivator but when used too often it can become ineffective itself. Compliance is another way but that is long-term and cumbersome. A better way is leadership. We have the best and the brightest, the people with the most courage and conviction leading our companies.
We need to show our leadership to make people act. To get them to participate. Let’s show our peers, our customers, our employees, and our supply chain that we lead from the front. We lead by example and take cybersecurity seriously. Let’s not wait for the next major breach and the crisis that follows. Let’s show everyone that their awareness is our participation.