Balancing fear and confidence: A strategic approach to mitigating human risk in cybersecurity

Despite technological advances, cybersecurity breaches persist, with human actions often being the weakest link. Educational programs and policies have been ineffective in reducing threats, as shown by rising trend data breaches and costs, averaging $9.48 million in 2023. The growing threat persists despite the plethora of tools and techniques, indicating a need for a strategic shift. Drawing on interviews with C-level IS executives and earlier experimental research, this paper advocates for greater care in warning users about security dangers, and simultaneously building their confidence in their ability to improve their cybersecurity safety. Managers must carefully balance their communications, instilling appropriate concern without causing excessive fear or negativity.