
What is the 90 / 10 rule in Cybersecurity?

February 28, 2023


Below is a summary of what you will gain from this post on the 90/10 rule of cybersecurity:

  • The 90/10 rule on security states that 90% of cybersecurity is about implementing the right policies and procedures, while the other 10% is about implementing the right technology.
  • People represent your human risk, which is typically the least measured, managed, and mitigated risk in cybersecurity.
  • Regular cybersecurity awareness training is important to ensure that everyone in the organization is aware of the risks associated with cybersecurity and how to mitigate them.
  • Implementing strong policies and procedures for cybersecurity, a comprehensive cybersecurity strategy, a risk management plan, and an incident response plan is crucial to protect against cyber-attacks.
  • Ensuring that everyone in the organization understands their roles and responsibilities when it comes to cybersecurity is important, including reporting potential security incidents and contacting the right people in the event of a cyber-attack.
  • Technology, such as firewalls, antivirus software, intrusion detection systems, and encryption, is important to protect against cyber-attacks, but it's only a small part of the overall picture.
  • Organizations can significantly reduce the potential for a successful cyber-attack by creating a culture of cybersecurity and making it the responsibility of everyone in the organization.

Have you ever heard of the 90/10 rule on cybersecurity? It's a concept that states that 90% of cybersecurity is about implementing the right policies and procedures, while the other 10% is about implementing the right technology. In other words, the vast majority of cybersecurity comes down to the human factor, that is, people following the approved workflows set out in policies and procedures, rather than to the technology itself.

The 90/10 rule on cybersecurity is based on the idea that the most effective way to protect against cyber-attacks is to focus on the people in your organization. People represent your human risk, which is typically the least measured, managed, and mitigated risk in cybersecurity. Focusing on people means ensuring that everyone in your organization is aware of the risks associated with cybersecurity and how to mitigate them. This is done through a regular cadence of cybersecurity awareness training and by making sure everyone in the organization understands how to protect sensitive information.

The other 10% of cybersecurity is about implementing the right technology to protect against cyber-attacks. This includes firewalls, antivirus software, intrusion detection systems, cloud configurations, and encryption, to name a few. While technology is an important component of cybersecurity, it's important to remember that it's only a small part of the overall picture.

The 90/10 rule on security is crucial because it reminds us that cybersecurity is not just the responsibility of the IT department. It's the responsibility of everyone in the organization. Look no further than recent data breaches caused by human factors, such as the 2022 breach at Twilio, which began with employees being phished for their login credentials. By creating a culture of cybersecurity and ensuring that everyone in the organization is aware of the risks associated with cybersecurity, organizations can significantly reduce the potential for a successful cyber-attack.

How can organizations implement the 90/10 rule on security? Here are a few tips:

  1. Provide regular cybersecurity awareness training for all employees, spread throughout the year rather than delivered once annually. This should include information about how to identify potential threats, how to protect sensitive information, and how to respond to a cyber-attack.
  2. Simulate attacks using tools like phishing simulators that give users experience with social engineering attacks.
  3. Implement strong policies and procedures for cybersecurity. This should include a comprehensive cybersecurity strategy, risk management plan, and incident response plan.
  4. Ensure that everyone in the organization understands their roles and responsibilities regarding cybersecurity. This includes ensuring that employees know how to report potential security incidents and who to contact in the event of a cyber-attack.
  5. Implement the right technology to protect against cyber-attacks. This includes firewalls, antivirus software, intrusion detection systems, and encryption.
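Tips 1, 2, and 4 above only work if you can tell whether people are actually recognizing and reporting attacks. Below is an added example, written for this post and not code from Haekka or from any phishing-simulation product, that scores a simulated phishing campaign from its event log. The four-column log format, the event names (sent, opened, clicked, submitted, reported), the departments, and the users are all constructed assumptions for illustration; real simulators export something similar. Each user is counted once per event type, the median time from delivery to report is computed per department, and the users who clicked or entered credentials without ever reporting are listed for follow-up training.

```python
"""Score a simulated phishing campaign from its event log.

Added example for this post (not Haekka's code). The log below and its
column/event names are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log: user,department,event,UTC timestamp (one event per line).
SAMPLE_LOG = """\
alice,engineering,sent,2023-02-01T09:00:00
alice,engineering,opened,2023-02-01T09:05:00
alice,engineering,reported,2023-02-01T09:06:30
bob,engineering,sent,2023-02-01T09:00:00
bob,engineering,opened,2023-02-01T09:20:00
bob,engineering,clicked,2023-02-01T09:21:00
bob,engineering,reported,2023-02-01T09:25:00
carol,finance,sent,2023-02-01T09:00:00
carol,finance,opened,2023-02-01T10:00:00
carol,finance,clicked,2023-02-01T10:01:00
carol,finance,submitted,2023-02-01T10:02:00
dave,finance,sent,2023-02-01T09:00:00
erin,finance,sent,2023-02-01T09:00:00
erin,finance,opened,2023-02-01T11:00:00
erin,finance,clicked,2023-02-01T11:02:00
"""


def parse_log(text):
    """Parse 'user,dept,event,iso_timestamp' lines into (user, dept, event, datetime) tuples."""
    events = []
    for line in text.strip().splitlines():
        user, dept, event, ts = line.split(",")
        events.append((user, dept, event, datetime.fromisoformat(ts)))
    return events


def score_campaign(events):
    """Return per-department metrics. Each user counts once per event type,
    so a user who clicks a link twice is still one click."""
    by_dept = defaultdict(lambda: defaultdict(set))  # dept -> event -> {users}
    first_seen = {}  # (user, event) -> earliest timestamp of that event
    for user, dept, event, ts in events:
        by_dept[dept][event].add(user)
        key = (user, event)
        if key not in first_seen or ts < first_seen[key]:
            first_seen[key] = ts

    results = {}
    for dept, ev in by_dept.items():
        sent = ev["sent"]
        if not sent:
            continue  # no deliveries recorded, nothing to score
        # Seconds from delivery to the user's first report.
        delays = [
            (first_seen[(u, "reported")] - first_seen[(u, "sent")]).total_seconds()
            for u in ev["reported"]
            if (u, "sent") in first_seen
        ]
        results[dept] = {
            "sent": len(sent),
            "click_rate": len(ev["clicked"]) / len(sent),
            "submit_rate": len(ev["submitted"]) / len(sent),
            "report_rate": len(ev["reported"]) / len(sent),
            "median_time_to_report_s": median(delays) if delays else None,
            # Clicked or submitted credentials and never reported: highest
            # priority for follow-up training. A user who clicked but then
            # reported is a partial win, so they are deliberately left out.
            "needs_followup": sorted((ev["clicked"] | ev["submitted"]) - ev["reported"]),
        }
    return results


if __name__ == "__main__":
    for dept, m in score_campaign(parse_log(SAMPLE_LOG)).items():
        print(dept, m)
```

The report rate is the number to watch over successive campaigns: a falling click rate with a flat report rate means people are ignoring suspicious mail rather than escalating it, which does nothing for the real attack that gets through.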

The 90/10 rule on cybersecurity is a reminder that the most effective way to protect against cyber-attacks is to focus on the human factor. By ensuring that everyone in the organization is aware of the risks associated with cybersecurity and implementing strong policies and procedures for cybersecurity, organizations can significantly reduce the potential for a successful cyber-attack. While technology is an important component of cybersecurity, it's only a small part of the overall picture. Remember, cybersecurity is the responsibility of everyone in the organization.

Haekka One is the most full-featured security awareness and human risk platform available to address the 90, or human risk, portion of the 90/10 rule on cybersecurity. We use AI and always up-to-date content to continuously engage employees about security awareness in the apps they use every day, including Slack and Google Workspace.
