Work Place Safety vs. Cyber Space Safety

​Companies around the world have work place safety programs and here in the US we even have standards for minimum safety requirements for all workers.  See OSH. The reason for the wide spread acceptance can be broken down in two ways.  

First, we are dealing with real human lives and bodies. When something happens there is a physical result that we can see.  When dealing with chemicals or machinery, those results can be very graphic and immediate. We are already hardwired to be aware of physical safety and have developed an acceptance for programs designed to protect us.

Second, there is a long track record of work place safety resulting in positive results for businesses.  This makes it an easy “Yes” when going to the CFO and requesting budget for these kind of programs.

So the question is: “Why don’t we see the same kind of wide spread attention to cyber space safety?”.

There are three belief’s that I put forward that impact that question:

#1 It can’t happen here

#2 If it happens here it wont be that big a deal

#3 I can’t do anything about it anyway

There are many logical arguments that can build a case around those three beliefs.  This approach isn’t really that great if your goal is to modify behavior.  Simon Sinek did a great TED talk called “Start With Why“.  In it, he explores the “Why” behind buying behaviors.  Why do some brands have more impact and sway decisions where others don’t?  The answer is the same for these three core beliefs.

People respond to emotion, not logic when making a decision.

After the decision is made, logic is applied to enforces that decision.  It is very hard to effect change in behavior when you start with logic.  So what can we learn from Workplace Safety that we can apply to cyber space safety?

#1:  Engage at an emotional level about the Risk.

#2:  Show how it can impact employees personally

#3:  Share the plan and the metrics of safety to give control and accountability to everyone, not just a small group in the organization.

Maybe one day, Cyber Space will be just thought of Work Place.

Adam Anderson

Adam Anderson is the author of Built to Survive: A Business Person's Guide on How to Recover and Thrive After a Cyber Attack. Adam’s 15 years of entrepreneurial startup experience and his knowledge Enterprise Cyber Defense gives him a window into what’s wrong with communication between large and small companies. He combined this knowledge and the good works from the National Institute of Standards and Technology’s Cyber Security Framework to co-author the book “Small Business Cyber Security”. This book was later turned into an online class by Clemson University. Adam has been active in peer advisory boards for small business CEOs. He took this experience and co-founded a peer advisory board for Chief Security Officers of fortune 500 companies. This mix of small and large businesses has positioned Adam as one of the few people in the world to understand the complete supply chain of cyber security.
Posted in