Louise Steenekamp, IT head, SA Commercial at Aspen Pharmacare.
As cyber tools become more evolved and sophisticated, the importance of focusing on the role of human behaviour in cyber security becomes increasingly important.
“As humans, everything we do is shaped by our own perceptions. In essence, perception is reality,” says Louise Steenekamp, IT head, SA Commercial at Aspen Pharmacare.
Steenekamp will be presenting on “Cyber governance: the human factor” at ITWeb Governance, Risk and Compliance 2019, to be held on 21 and 22 February, at The Forum, in Bryanston.
According to her, these perceptions are shaped by a multitude of factors, including upbringing, social status, seniority, life stage and many more.
“All of these influence the way we act and react individually, in groups and in the workplace, including how we perceive, adopt, apply and stick to rules (or not).”
Corporate culture is impacted by various aspects, such as the country culture that it operates in, which in turn can be influenced either by the local culture of a subsidiary or the local culture of headquarters, which to some extent shapes ‘the way we do things’.
“Corporate culture is also typically adopted from the behaviour of leaders, which is often mimicked in the behaviour of their staff. This is why often, when a new leader joins an organisation, ‘the way we do things’ changes. Corporate culture is also influenced by the type of business: a traditional financial services organisation looks very different to a tech start-up.”
So how can behaviour and corporate culture influence cyber governance policy and tool design?
Steenekamp says when creating cyber governance policies and implementing accompanying tools, businesses should consider the degree to which employees would naturally adhere to governance rules, in the context of their predispositions.
“Policies and tools should fit in with corporate culture, and take human behaviour into consideration,” she notes.
If trying to enforce the same policies applied in a finance corporation to a tech start-up, people will simply find ways around the rules as they are typically entrepreneurial and not content with the status quo. “Conversely, providing enough freedom to explore in the policies while still ensuring the right level of governance will go further in keeping the environment secure.”
In her session, Steenkamp will explore how the integration of human behaviour, organisational culture and cyber security policy and tool design can assist in preventing the exploitation of human vulnerabilities.