Although cyber attacks have tremendous financial and reputational ramifications for organisations, the number of high-profile data breaches continues to grow. Oftentimes, these data losses can be attributed to companies leaving themselves vulnerable through poor cyber security practices. This paper argues that companies must protect their businesses and customers from data breaches by implementing companywide changes and improving their overall security behaviour. The high-profile data breach experienced by Equifax, which affected millions of Equifax clients around the world, is used to illustrate the logic for enhancing organisational-level privacy programmes based on ethical reasoning. As new cyber security risks emerge, this case demonstrates that to protect critical data companies must be proactive in their technology security efforts.
Is cybersecurity research missing a trick? Integrating insights from the psychology of habit into research and practice.
The idea that people should form positive security habits is gaining increasing attention amongst security...