There seem to be a lot of parallels between where we are with cyber awareness and the early days of Health and Safety. I thought this was a unique observation until I raised it at the latest North East Fraud Forum event. The speaker quite rightly pointed out that he had heard such observations before. He burst my bubble gently, yet at least this shows that others are considering it in the same way.
Health and Safety used to be the butt of many a joke and to some extent it still is. In its early days it was seen as an unnecessary interruption to getting a job done or as spoiling someone’s fun. It was often portrayed as a knee-jerk reaction to the threat of legislation. That was until something serious happened to someone in their workplace, when there would be howls and cries of why wasn’t something done to protect them in the first place.
As health and safety legislation improved, the number of injuries, especially fatalities, dropped, and in this way it gained credibility and wide acceptance. At times there is still a reluctance to take all the precautions necessary, yet the responsibility for employers to create a safe working environment for their employees is clear. On building sites these days it is absolutely clear: no personal protective equipment and you can’t work.
When considering cyber, the majority of businesses are still at the “it won’t happen to us” stage, or the “it is too expensive to do something about it” stage. Eventually, though, market conditions and perhaps even the law will catch up. Supply chains will demand greater protection and compliance. People will demand greater protection of their identities and will vote with their pockets.
This will ultimately lead to a wider acceptance of measures to improve cyber security. In future it will be a case of no cyber security, no trade.
I’m sorry that it is not an original idea.