Minimising cybersecurity risk with engaged employees
It only takes a glance at recent news reports to know that all businesses are under increasing threat of cyber attacks and the associated risks to their customers, their bottom line and their reputation.
And while it’s easy to blame AI, rogue cells or malware, did you know that it’s actually employees who are responsible for about 60% of all cyberattacks on their companies?
Add to the mix that a recent study by application security SaaS company Indusface found that nearly two in five professionals surveyed have shared confidential data with AI platforms without their employer’s permission, and we’re looking at a ticking time bomb.
So how do you engage employees with what many may feel is ‘just another business policy’?
In our cybersecurity campaign work with clients, our key recommendation is to ‘make it personal’ and reinforce employees’ accountability. It’s not only business data that’s under threat – their data is too: addresses, emails, phone numbers.
If you run security awareness training, make it informative and clear, and focus on one key aspect of security at a time, such as email security or password security.
Support the training with an awareness campaign with visual reminders like posters, digital screens and laptop stickers advising people what to do if they suspect phishing or other security breaches.
We’ve also found that engaging employees to take action through quizzes, leaderboards, and team exercises that measure cyber security knowledge has impact. Little and often is the key, rather than a longer session once a year.
Many people also don’t feel safe reporting security flaws at work, so it’s vital to cultivate an open, psychologically healthy workplace where people can report cybersecurity worries without fearing repercussion. Establish that everyone is equal, that your culture is not one of unfair consequence – and that you will take reports seriously.
Develop clear and effective communication plans that make sure everyone’s in the loop on company-wide cybersecurity strategies. Employees need to know how to categorise any potential issues, who to report them to, and how to report them, to save crucial time in the event of a security incident.
In short, make it clear that cyber security awareness is not just about protecting your business – it’s about protecting everyone’s data from potential threats. The more aware employees are of what cyber security is, the potential risks, and what to do when, the more accountable they will be in a cyber security incident – because it is more likely to be when, not if.