Most cyberattacks target people, not systems. In fact, the vast majority of attacks can be traced back to human failures. So, when you’re thinking about your company’s cybersecurity, you should really be thinking about your company culture. The authors developed six strategies to help leaders counteract information security risks, based on human psychology. First, asking employees to demonstrate commitment — say, by signing a formal commitment — makes it more likely they’ll follow through. Second, when senior leadership sets a good example, employees are likely to follow their lead. Third, reciprocity (or giving something to someone with seemingly no obligation for requited behavior) is one of the best ways to elicit return favor-giving. Fourth, people want what is rare or seemingly scarce and will make extra efforts to get these things. Fifth, people are influenced by those who are like them or those they find likeable. And lastly, people are more likely to comply with requests when these requests are issued by someone in an authority role, so when bosses show expertise, their teams are likely to listen.
