PELL CENTER for INTERNATIONAL RELATIONS and PUBLIC POLICY
3
Despite the growing scope and sophistication of cyber threats and the development of cyber tools
as technical weapons, there are not enough people equipped with the appropriate knowledge,
skills, and abilities (KSA) to protect the information infrastructure, improve resilience, and
leverage information technology for strategic advantage.
4
In cybersecurity, countermeasures
are implemented to reduce risks associated with the vulnerabilities of people, processes, and
technology. At present, the predominant trend to combat cyber risks among organizations across all
sectors is to pursue the latest security tools and technology.
While technology is certainly important to this eort, there must be an increased focus on people.
No matter how good any particular technology may be, its ecacy is limited if it is not eectively
adopted and implemented by management teams and correctly used by skilled employees who
follow well-dened processes. Otherwise, vulnerabilities will surface that can be leveraged by both
internal and external threat actors.
5
In short, any technology for combating cyber attacks is only as
good as the people who develop, implement, and maintain it.
Cybersecurity issues oen start with ordinary technology users who have not received proper
training, do not take security seriously, or prize convenience over security by—consciously or
not—sidestepping basic standards of best practices. Verizon’s “2012 Data Breach Investigations
Report” estimated that 97 percent of reported successful breaches could have been avoided with
simple, inexpensive corrective actions.
6
eir 2014 report rearmed that conclusion, noting that
“nearly every incident [analyzed] involved some element of human error.”
7
e Ponemon Institute’s
2013 “Cost of Data Breach Study” concluded that 35 percent of breaches were caused by human
error and 29 percent were due to system glitches and information technology and business process
failures.
8
Other post-mortems, such as the high-prole data breach of U.S. retailer Target Corp,
similarly concluded that breaches would be avoidable if organizations followed commonly known
cybersecurity best practices. To put it more bluntly: many successful cyber attacks—whatever their
motive or intent—are enabled by operator error and lack of training. In this environment, cyber
strategic leadership
9
and a team of skilled cybersecurity workers remain key to the survival of any
enterprise in the digital age.
4. Francesca Spidalieri, “Joint Professional Military Education Institutions in an Age of Cyber reat,” Pell Center, Au-
gust 7, 2013, http://www.salve.edu/sites/default/les/leseld/documents/JPME_Cyber_Leaders.pdf.
5. Greg MacSweeney, “10 Financial Services Cyber Security Trends for 2013,” Wall Street & Technology, December 5,
2012, http://www.wallstreetandtech.com/data-security/10-nancial-services-cybersecurity-tre/240143809.
6. Verizon, “2012 Data Breach Investigations Report,” http://www.verizonbusiness.com/resources/reports/rp_data-
breach-investigations-report-2012_en_xg.pdf.
7. Verizon, “2014 Data Breach Investigations Report,” http://www.verizonenterprise.com/DBIR/2014/.
8. Ponemon Institute, “2013 Cost of Data Breach Study: Global Analysis, ” May 2013, https://www4.symantec.com/mk-
tginfo/whitepaper/053013_GL_NA_WP_Ponemon-2013-Cost-of-a-Data-Breach-Report_daiNA_cta72382.pdf.
9. “Cyber-strategic leadership is […] the set of knowledge, skills, and attributes essential to future generations of leaders
whose physical institutions nevertheless exist and operate in, through, and with the digital realm. ese individuals
need not have specic training in engineering or programming, but they must be equipped with a deep under-
standing of the cyber context in which they operate to harness the right tools, strategies, people, and training to
respond to a dynamic and rapidly-developing array of threats.” See Francesca Spidalieri, “One Leader as a Time:
e Failure to Educate Future Leaders for an Age of Persistent Cyber reat,” Pell Center, March 26, 2013, http://
www.salve.edu/sites/default/les/leseld/documents/pell_center_one_leader_time_13.pdf.