Why do many security policies fail?

During Cyber Security Awareness Month, our cyber security experts answered the most frequently searched questions on securing digital communications, working safely from home and eliminating the biggest cyber risks. In video and written format. 

Today: Why do many security policies fail?

No time to watch the full video? The question is also answered below (in more detail than in the video).

When we go back to the core of cyber security awareness, it is important to first thoroughly explain the 'why' and most importantly, 'why' most policies fail. Because in many cases security is not the most important thing on your employees' minds. Teresa Mendez, Senior Product Manager explains: "Security policies fail. Well, let's face it." 


Security often means adding extra activities to your day-to-day work

"Security policies fail. Well, let's face it. We're all human. I don't like doing extra things, I get in the fear of my day. I want to do what I want to do to get my job done. Sometimes I feel like security is an onerous thing that is added onto us."

Generally security policies fail for a couple of reasons:

  • The very first thing you need to do is actually make your employees aware of why it's important for them to properly secure information.

Your employees need to know what they should do, when they need to do it, and why they're doing it. So for example, if you have secure data that you need to protect by using encryption, and its sent to certain clients, every time your staff sends the data to those clients, it needs to be encrypted.

  • The second reason why security policies fail is because of tooling. You need to make sure that it minimises any changes to their current workflow. If you're asking them to do something extra, make it a little easier for them to do that with tools that integrate with ones you already use.

So alongside the encryption of email, having a tool that fits right in your team's email client would be especially helpful.

Lack of awareness and not having the right tools

In summary on why most security policies fail, it's because of the lack of awareness among employees on why they really need to apply a particular security policy.

What's the risk to the company, and why is it important for employees to take some responsibility for that as part of their job? 

And please, make sure you help facilitate this for them. Enabling users to apply the correct security protocols in their digital communications with easy-to-use tools, makes the world a safer place, and your sensitive data better protected.

Download the 'Safeguard sensitive information while working from home' e-book.

Cyber Security Awareness - Question and Answer (Q&A)

Curious about our other 'Cyber Security Awareness' Question & Answer articles? Discover multiple answers by clicking on the links below or view all Cyber Security Awareness Q&A videos on our YouTube channel.


Written by

Kevin Lamers

Originally published on October 6, 2020

Last update on January 6, 2021