According to the recently released 2022 Verizon Data Breach Incident Report, more than 82 percent of all data breaches are caused by human-based risks, which include phishing, business email compromise (BEC), and ransomware. A breach is an incident that results in a confirmed disclosure of data to an unauthorized party. While organized crime is now posing a significant threat to a threat to an organization’s cyber assets, people within the organization are a major weak link in cybersecurity.

Organizations can mitigate this increasing risk through the development of a security awareness program. This program emphasizes one key point: security is everyone’s responsibility. Security awareness programs are not one size fits all, but rather must be tailored to the organization’s specific needs and risk environment. Training should be ongoing, engaging, and lighter in tone, with humorous vignettes and other ways to engage awareness for individuals who are not security experts. With an increasing number of employees connecting to work from home and other locations besides offices, security must be thought of as omnipresent and as a normal part of life.