CHAPTER FOUR
Cyber Culture: The Human-Centric Approach

Organizational culture must be reinvented for the information age.

—Christiane Wuillamie, OBE, chief executive of PYXIS Culture Technologies Ltd

INTRODUCTION

In earlier chapters, we explored cybersecurity strategy, cyber value, and cyber compliance precepts for effective cyber risk management. This chapter focuses on one of the most fundamental precepts that intertwines all precepts concerning cyber risks—the human element. Even if the BOD and C-LEs understand all three tenets outlined in the previous chapters, this does not guarantee that the business is secure. Every cyber breach has a human thumbprint, which makes cyber risk everyone's issue in any organization. From the top to the bottom, everyone must be accountable for cyber risks.

Organizations will still be continually subjected to cyber-attacks despite establishing a cybersecurity strategy, adopting the cyber value precept, and being cyber compliant with laws and regulations. Malicious actors are exploiting or profiting from human mistakes that give attackers access to secured critical infrastructure and critical information. A cyber culture is a missing link for cybersecurity strategy to be more effective. Organizations must recognize that technology alone will not eliminate attackers. Organizations must begin harnessing human intelligence (judgment) as a critical component for success in today's cyber risk landscape. Without a human-centric approach, organizations ...
