Enhancing organisational cyber security resilience: A human-centric approach
Abstract
This paper discusses how to build an effective ‘human firewall’ and foster cyber awareness within organisations. The paper moves beyond traditional technical safeguards and emphasises the indispensable role of human behaviour, decision making and organisational culture in cyber security. It highlights the ineffectiveness of one-off compliance training and advocates for continuous, adaptive, psychologically informed strategies such as gamification, nudging and storytelling. The paper underscores the critical influence of leadership, accountability and psychological safety in cultivating a resilient security posture. Practical recommendations are provided for integrating behavioural science into training programmes, establishing clear accountability and utilising exercises such as tabletop simulations to translate knowledge into actionable defence mechanisms, ultimately transforming the human element from a potential vulnerability into a formidable asset. This article is also included in The Business & Management Collection which can be accessed at https://hstalks.com/business/.
The full article is available to subscribers to the journal.
Author's Biography
Jonas Rendahl is Chief Information Security Officer (CISO) for Consilium Safety Group, based in Sweden. His journey into cyber security has been a diverse one, spanning various industries and roles, from metalworking to teaching, before he found his true calling in information security. Jonas’s fascination with computers and security began at an early age. At Lund University, he became deeply interested in the intersection of behavioural science and information technology, earning a Master’s in IT and a Bachelor’s in behavioural science. This academic background has shaped his pragmatic approach to cyber security. In his role as CISO, Jonas is responsible for establishing and maintaining security policies, managing information risks and overseeing disaster and recovery plans.
