Interview
PRACTICE
Creating the right vibe

For John Scott, head of security education at the Bank of England, encouraging people to take action on cyber-risk involves ditching the fear factor and building a culture of proactive carefulness

BY ARTHUR PIPER
In October, the Bank of England (BoE) is planning to roll out a three-year programme aimed at taking its cybersecurity defences to the next level. The launch will coincide with National Cybersecurity Awareness month, where BoE teams up with organisations to raise the profile of the latest in cyber-defence nationally.

John Scott, head of security education at BoE, is particularly excited to be talking publicly about his risk-based approach to the issue, which focuses on identifying the most important cyber-risks at BoE and providing staff with the positive behaviours to help mitigate those threats. His roadshow will include a session at IRM’s Risk Leaders Conference this November.

Scott’s approach is built on two interrelated trends that he believes are hampering organisations’ attempts to deal with cyber-risk. First, the rapidly growing range of devices that connect to the internet – for everything from online banking to home security – has added layers of complexity to cybersecurity systems. This increasing technological entanglement makes it more likely that risks will crystallise because potential security weaknesses multiply. Second, bewildering levels of interconnectedness can lead people to switch off because they feel less in control. He cites Alvin Toffler’s influential 1970 book
Fear causes people to magnify risk and leads to disengagement
Enterprise Risk