Companies around the world have work place safety programs and here in the US we even have standards for minimum safety requirements for all workers. See OSH. The reason for the wide spread acceptance can be broken down in two ways.
First, we are dealing with real human lives and bodies. When something happens there is a physical result that we can see. When dealing with chemicals or machinery, those results can be very graphic and immediate. We are already hardwired to be aware of physical safety and have developed an acceptance for programs designed to protect us.
Second, there is a long track record of work place safety resulting in positive results for businesses. This makes it an easy “Yes” when going to the CFO and requesting budget for these kind of programs.
So the question is: “Why don’t we see the same kind of wide spread attention to cyber space safety?”.
There are three belief’s that I put forward that impact that question:
#1 It can’t happen here
#2 If it happens here it wont be that big a deal
#3 I can’t do anything about it anyway
There are many logical arguments that can build a case around those three beliefs. This approach isn’t really that great if your goal is to modify behavior. Simon Sinek did a great TED talk called “Start With Why“. In it, he explores the “Why” behind buying behaviors. Why do some brands have more impact and sway decisions where others don’t? The answer is the same for these three core beliefs.
People respond to emotion, not logic when making a decision.
After the decision is made, logic is applied to enforces that decision. It is very hard to effect change in behavior when you start with logic. So what can we learn from Workplace Safety that we can apply to cyber space safety?
#1: Engage at an emotional level about the Risk.
#2: Show how it can impact employees personally
#3: Share the plan and the metrics of safety to give control and accountability to everyone, not just a small group in the organization.
Maybe one day, Cyber Space will be just thought of Work Place.