Beancounters at analyst outfit Gartner are warning security and risk management (SRM) leaders to focus more on human-centric elements when creating and implementing cybersecurity programmes.
Gartner says SRM leaders must be focused on the essential role of people for security programme success and sustainability, technical security capabilities that provide greater visibility and responsiveness across the organisation’s digital ecosystem; and restructuring the way the security function operates to enable agility without compromising security.
Gartner senior director analyst, Richard Addiscott said “A human-centred approach to cybersecurity is essential to reduce security failures. Focusing on people in control design and implementation, as well as through business communications and cybersecurity talent management, will help to improve business-risk decisions and cybersecurity staff retention.”
Human-centric security design prioritises the role of employee experience across the controls management life cycle, the analyst house claims.
By 2027, half of large enterprise CISOs will have adopted human-centric security design practices to minimise cybersecurity-induced friction and maximise control adoption.
“Traditional security awareness programmes have failed to reduce unsecure employee behaviour,” said Addiscott.
“CISOs must review past cybersecurity incidents to identify major sources of cybersecurity induced-friction and determine where they can ease the burden for employees through more human-centric controls or retire controls that add friction without meaningfully reducing risk.”