    Original content: Global Banking and Finance Review - https://www.globalbankingandfinance.com

    Changing Perspectives: Are Employees Really a Weak Link in the Cybersecurity Chain?

    Published by Jessica Weisman-Pitts

    Posted on July 1, 2022

    Last updated: February 5, 2026


    By Avishai Avivi, CISO at SafeBreach

    The idea that people are the weakest link in the cybersecurity chain has been around almost as long as the industry. But how true is this, really? And even if it is true, is it wise to take this perspective?

    As attack rates soar, consumers and investors are both looking for answers – and for someone to blame. With digital attacks creeping into the physical realm and putting lives, not just data, at risk, it has never been more important to identify and eliminate the weakest links. In this post, we will lay out the traditional argument of people as the weakest link, then take a revisionist stance to propose a change of perspective.

    The traditional perspective: people are the weakest link

    The argument that employees are the weakest link in the cybersecurity chain is well established, straightforward, and seemingly well documented. Employees regularly fall victim to a variety of threats including, but not limited to:

    • Phishing scams: Cisco Umbrella reports that 86% of organizations had at least one user try to connect to a phishing site.
    • Business email compromise (BEC) scams: The FBI has identified this as one of the most financially damaging online crimes.
    • Poor password hygiene
    • Insider threats: Verizon reports that 36% of all data breaches experienced by companies of 1,000 employees or more were caused by malicious employees. For businesses with fewer than 1,000 employees, 44% of all data breaches were caused by malicious employees.

    The rise in hybrid working, which places employees outside of the corporate network and the protection it entails, has also proven to be a significant challenge for security teams. At the end of the day, chief information security officers (CISOs) and other security professionals are simply not able to exert the same level of control over employees as they would over traditional security tools.

    The revisionist view: people are the strongest link

    While viewing employees as the weak link in the cybersecurity chain is understandable—especially in light of the statistics above—there are some problems that arise when this perspective is accepted.

    Organisations that see their employees as a weak link are likely to apply over-stringent security controls on employees. This not only hinders an employee’s ability to do their job, but can also encourage them to find “creative” ways around said controls. These creative methods are likely not monitored or secured by security teams, potentially opening the door for more significant vulnerabilities and risk.

    Employees are not intrinsically a weak or strong link in the cybersecurity chain – it depends on how well trained they are. If proper cybersecurity awareness training is provided, there’s no reason why employees shouldn’t be the strongest line of defence in an organisation’s cybersecurity stack.

    With this in mind, forward-thinking organisations should view their employees as a security asset, rather than a security liability. The approach should not be to hoist employees out of incompetence, but to realise their potential as a strong last line of defence. Organisations should inspire their employees to realise that potential.

    Cybersecurity awareness training, while still a relatively new concept, is already proving to be an effective method for fortifying the human factor in cybersecurity. KnowBe4, a cybersecurity awareness training company, found that just 90 days of training for all employees brings down the risk of falling for a phishing scam from 27% to 13%. Translate these results to a company that incorporates security awareness training throughout its business infrastructure, and you may well see employees growing into an organisation’s most valuable security asset.

    Realising employee potential:

    Now that you have recognised the security benefits that employees can bring to an organisation, how do you go about realising them? We’ve established that effective cybersecurity awareness training is the way forward, but what does that entail?

    Fortunately, there are best practices that would place an organisation squarely on the path to security-savvy staff.

    • Initial assessment: Before cybersecurity awareness training is implemented, organisations must establish their baseline security posture. Metrics such as phishing susceptibility and general cybersecurity knowledge can be used as a control, a measure to establish the effectiveness of training initiatives.
    • Inclusive participation: The most effective cybersecurity awareness initiatives reach all areas of a business – from the CEO down. This ensures that everyone in the company is on the same page and promotes a security-first culture within the community.
    • Free and easy communication: Everyone within an organisation has the right to be informed on the company’s vision for cybersecurity, how they want to get there, and of the progress that has been made. One can’t expect employees to truly buy into an initiative they are only partially privy to.
    • Regular assessments and training: Security awareness training is not something that can be completed in hours, days, or even weeks. Not only do principles need to be reinforced and training effectiveness measured; the cyber landscape is constantly evolving – training needs to evolve with it.
    • Informed training: Training exercises should be carried out according to need – assessments will reveal where employees need the most support. It’s important to administer relevant training as soon as possible after the assessment is completed.
    • Reinforcement: Reinforcing key areas keeps cybersecurity firmly in the minds of employees. Training should have a rhythm, with each session building on the last. Employees won’t retain information dumped on them in haphazard, dense training sessions – continuity is important.
    • Reporting: Gauging the effectiveness of cybersecurity awareness training is reliant on reporting. Ensuring sufficient tracking and reporting is carried out will allow insight and increase actionable intelligence.
    • Motivation: Cybersecurity can be a dry topic – especially for those who aren’t in the industry. Keeping employees engaged relies on motivation. Making clear to employees that they are the strongest and most important link in the cybersecurity chain will instil in them a feeling of pride, motivating them to keep on top of their training. Gamification is another tried-and-true method of keeping people engaged. Positive reinforcement is also essential – implementing awards such as “cyber hero of the month” is a great way to make employees feel valued and motivated.

    The takeaways:

    To sum up, viewing employees as the weakest link in the cybersecurity chain is a somewhat misguided, oversimplified perspective – if a traditional security tool were neglected, it would be a weak link too.

    Employees are the most crucial element of a security stack. However effective existing measures may be, something will always slip through the net, and the security of the company will end up in the hands of an employee.

    In light of this, organisations must work to realise the benefits that security-savvy staff can bring about. By providing them with the proper training, tools and incentives, organisations can transform their weakest link into their strongest link.

    Frequently Asked Questions about Changing Perspectives: Are employees really a weak link in the cybersecurity chain?

    1. What is cybersecurity?

    Cybersecurity refers to the practice of protecting systems, networks, and programs from digital attacks, which aim to access, change, or destroy sensitive information.

    2. What is phishing?

    Phishing is a type of cyber attack where attackers impersonate legitimate organizations to trick individuals into revealing personal information, such as passwords or credit card numbers.

    3. What are insider threats?

    Insider threats are security risks that originate from within an organization, often involving employees or contractors who misuse their access to sensitive information.

    4. What is cybersecurity awareness training?

    Cybersecurity awareness training educates employees about security threats and best practices to help them recognize and respond to potential cyber risks effectively.

    5. What is password hygiene?

    Password hygiene refers to the practices and habits that ensure the security of passwords, such as using strong, unique passwords and changing them regularly.
