Perhaps it shouldn’t come as a surprise that opinions about who is responsible for protecting and keeping personal data safe online differ across generations. Is it up to the individual, or should the government shoulder some of the responsibility? In this recent article by IBD, the publication reported on the results of a recent poll seeking to answer this question.
“Among people aged 65 years and older, 40% said that consumers themselves bear responsibility for keeping personal data safe. That number was a solid 35% for people aged 45 to 64, which includes a good chunk of baby boomers. Only 30% of those aged 18 to 24 that took part in the survey said consumers bear responsibility. The number fell to 23% among those aged 25 to 44, which includes most millennials.”
Mark Pfeifle, a former deputy national security adviser and currently the president of communications firm Off the Record Strategies in Washington, states, “…cybersecurity really comes down to personal responsibility that everyone has, and every business entity has to secure their systems.” Pfeifle also notes, “A lot of intrusions result from an employee doing the wrong thing, it’s often human error.”
The decisions that humans make and the decisions that they make when facing stressful or unknown situations is part of what we help organizations test with our DECIDE® exercises. These exercises test and stress organizations’ security incident response plans and capture essential information regarding responding and remaining resilient through a cyber event.
Exercising your staff in their cyber roles is essential for your organization’s resiliency in the face of continued cyber-attacks.
Returning to the original question at the beginning of this post. Can you, and should you, rely on the government to protect your data, your company’s data? Or, should you take responsibility and ensure that your people are trained and up to speed with making the right decisions when faced with challenging situations?
At NUARI, our mission is to enable a resilient society through rapid research, development, and education in cybersecurity, defense technologies, and information warfare.