Organizations are bombarded by a multitude of threats and pressures from a variety of sources that require them to strengthen cybersecurity (CS). In addition to threats from cybercriminals, organizations also face pressures from regulators, business partners and other sources to strengthen CS. Despite these threats and pressures, most organizations lack an appropriate CS investment strategy. A 2014 global survey by PricewaterhouseCoopers indicated that only 38% of organizations had a methodology to prioritize CS investments based on risk and impacts on business strategy. According to a 2011 survey sponsored by Symantec and the National Cyber Security Alliance and conducted by Zogby International, 77% of U.S. small businesses lacked a formal written CS policy for employees and 49% lacked even an informal policy.
In light of the above observations, the presentation will discuss how organizations may fall into the various traps that can contribute to their failure to take appropriate CS measures. It also delves into mechanisms that can help them escape the traps of cyber-insecurity. Illustrated with many real-world examples, the presentation documents best practices as well as the pitfalls to avoid in order to strengthen CS. It combines theories, concepts, ideas and findings from a number of disciplines such as neurochemistry, computer science, psychology, criminology, law and international relations to analyze CS. The presentation proposes a holistic approach that takes into account the organizational functions and activities that are likely to be affected as well as the roles and responsibilities of all organizational actors in strengthening CS. It will also offer major pointers towards refining and evaluating various performance measurement criteria and metrics in order to strengthen CS.