Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecuritySecurity Leadership and ManagementSecurity & Business ResilienceSecurity Education & TrainingCybersecurity News

Removing the Human From the Machine Can Doom Cyber Resilience

By Devin Sirmenis
SEC0619-Edu2-Feat-slide1_900px
December 16, 2019

There is universal acceptance of the need to be cyber threat resilient—anticipating, preparing for and responding to events and adapting these efforts to continuously changing threat profiles. Creating the security-minded organizational culture needed to achieve resilience remains elusive. One challenge is that the human elements of commitment, collaboration and education are often overlooked. If your cyber risk management efforts remove key human elements from the “machine,” you might accomplish compliance but not resilience.

Kurt Lewin, the father of modern social psychology, put it best: “If you want truly to understand something, try to change it!” Below are three key “resilience killers” from lessons learned over years of working to change organizational mindsets to establish resilience. These are behaviors you should strive to avoid when maturing your cybersecurity capabilities.

  1. Lack of commitment. Many organizations address resilience as a stand-alone goal, compartmentalizing cyber resilience as a network management priority and moving it down the list past revenue and profitability, growth and acquisition, cost control and talent strategy. Leadership needs to recognize that cyber resilience is an underlying element that supports all business priorities. Technology solutions need to connect to the people, processes and protocols that drive business. The impacts of a cyber event are not siloed in one area of the company. Direct costs (forensics, legal fees, compensation for personal data compromise, theft of financial assets), operational costs (systems and service delivery disruptions) and cost of decreased customer confidence all result in lost time, productivity, revenue and possibly executive jobs across lines of business. 
  2. Static risk management. Intending to manage risk proactively is of little use if your organization cannot let go of “our way” or “the way it’s always been done.” Being dynamic requires agility – the willingness to change quickly and efficiently to meet emerging threats and think differently about your risk environment and security profile. Companies become static when they define strategies based solely on subjectively measured risks coming from independent operating units and fail to incorporate how the executive team looks at overall risk. Executive risk assessment of core functions should be paired with traditional business impact analysis at the process level, putting the greatest focus on the areas deemed the highest risk by senior leaders. This top-down approach creates an opportunity for IT to educate the business on how the application of technology addresses risk and enlightens IT leaders on when to tighten/loosen specific recovery objectives to satisfy business requirements.
  3. Limited training. Cybersecurity strategies often place emphasis on technical training that is limited to network teams. The critical need for developing leadership skills and building employee awareness which creates a security-minded culture is overlooked. Despite advances in cyber defense technology and security monitoring expertise, security infrastructure is only as strong as its weakest link. Most often, that link is human. Training that constantly reinforces security awareness among employees, partners and clients is not just wise, it is mission critical in becoming resilient.

Keeping these human elements of cyber resilience alive within the threat management machine is an ongoing, continuous organization-wide process. Honesty about how your organization matches up against resilience killers can help you establish a benchmark from which you can set new cybersecurity goals, policies and procedures and guide your path to creating a security-minded culture. An agile cyber defense model serves as a strong demonstration of preparedness, resilience and success, which will inspire confidence among all your key stakeholders.

KEYWORDS: compliance problems cyber security cybersecurity risk management training

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Dec 16 devin sirmenis
Devin Sirmenis is Managing Director of Corporate Resilience at Witt O’Brien’s, an emergency management and disaster response consultancies in the U.S. Devin has more than 20 years developing crisis management and business continuity programs for Fortune 500 firms. He brings an organizational leadership and culture perspective to the cybersecurity conversation that can help guide strategy, as well as promote meaningful dialogue between leadership and technical groups.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Career Intelligence
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Broken wet floor sign

Why Response Time Is Becoming the Missing Metric in Workplace Safety and Security

Paparazzi

When Private Events Become Public Infrastructure: What Celebrity OSINT Teaches Security Leaders

Cyber Tactics

AIBOMs: Bringing AI Security Out of the Shadows, A Practical Guide for Security Professionals

Medical professional

Nearly 85% of Nurses Experienced Workplace Violence in the Last Year

Kaseware sponsored webinar
Schneider Electric sponsored webinar

Events

August 25, 2026

Critical Infrastructure Security Is National Security: Protecting Essential Operations in an Era of Escalating Risk

LIVE: August 25, 2026 at 2 PM EDT Learn why critical infrastructure security has become a national security imperative, and the strategies organizations can adopt to improve visibility, collaboration, and response across their security operations.

August 27, 2026

Leveraging AI & Mobility to Advance Your Security Domain

LIVE: August 27, 2026 at 2 PM EDT Explore how AI-driven cloud security solutions can elevate your security domain enhancing threat detection, streamlining operations, and delivering the resilience modern organizations demand.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • Study Provides Fuller Picture of the Human Cost from Terrorist Attacks

    See More
  • Cyber resilience through deception: What businesses can learn from federal cybersecurity frameworks

    See More
  • Burst of light

    The Internal Blast Radius of Ransomware Attacks: Why Cyber Resilience Must Start with People

    See More

Related Products

See More Products
  • Risk Analysis and the Security Survey, 4th Edition

  • s and the law.jpg

    Surveillance and the Law: Language, Power and Privacy

  • The Database Hacker's Handboo

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing