Incentives, while appealing, tend to create compliance that's short-lived or inconsistent. Reward-based systems can unintentionally minimize the importance of cybersecurity, often encouraging employees to merely check a box.
Just as a reckless driver would lose their government vehicle privileges due to frequent crashes, employees who repeatedly crash their "digital vehicles" should face real consequences.
This reluctance stems from a cultural mindset that only IT professionals should uphold cybersecurity standards, excusing regular employees' security lapses with claims that 'they're not really professionals' in cybersecurity.
A top-down commitment to security must include the implementation of real repercussions for lapses in cybersecurity standards, and publicly hold agency leadership accountable.
Collection
[
|
...
]