Cybersecurity leaders looking to get organizations involved in the fight against digital threats often fall back on fear as a motivating factor. This is understandable given the immense scale of some of the cybersecurity breaches that were reported in the last decade, let alone those that didn’t make the news.
However, during a speech he gave last year, Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA), highlighted the need for the cybersecurity industry experts to stop using fear-mongering as their primary strategy.
"One of the things we've got to do a better job of is [to] stop selling fear. Fear sells, but we have far too much to offer to just be looking for the next mark. We’ve got to be more straightforward, more measured, more reasonable in how we talk about [threats],” Chris remarked.
“We have to take the hysteria out of the conversation."
Yes, Fear Sells…
Fear is a primal instinct that has served human beings well ever since we were cave dwellers. With the adrenaline it makes our bodies pump, it ensures that after surviving a negative experience we never forget how to avoid that same situation in the future. It’s a well-known fact that fear invokes the flight or fight response.
However, there’s a third response beyond flight or fight, that is not talked about as much and yet is just as common – freeze. Sometimes fear can simply paralyze – the classic "deer in headlights" phenomenon.
In the context of cybersecurity, this manifests as companies being so overwhelmed by the frightening views of experts that they are unable to put together coherent strategies to protect themselves – no wonder there’s a cybersecurity hiring gap and many continue to ignore it. Many business owners feel helpless given all the alarms being sounded and hence don’t bother trying at all.
…But at What Cost?
It’s also worth noting that fear has a detrimental effect on creativity which is very important today on both the individual and organizational levels. “If you are looking for behavior changes like those exhibited as increased commitment, creativity or engagement, then fear is an extremely ineffective motivator,” says Sharon Richmond, an executive coach and management consultant.
“The way our brains are structured is that when we feel fear, our brains move into ‘defensive mode,’ and our creativity decreases…This leads to lower risk taking, less generative thinking, and more compliance behaviors.”
On an organizational scale, operating in this kind of defensive mode can be quite costly – it can not only result in expensive mistakes, but also can lead to missed opportunities in the market due to the lower risk appetite and reduced propagative thinking.
3 Ways to Motivate Without Fear:
“To get to the more generative behaviors, our brains need to ‘feel safe’ and then become able to move into a mode of seeking pleasure vs avoiding pain,” Sharon adds.
1. Focus on Growth
Instead of simply looking to scare organizations into adopting the cybersecurity measures they need, leaders should figure out how to show the unique opportunities for growth that these measures present. For example, instituting strong cybersecurity policies can inspire greater customer loyalty as people feel more confident in trusting the brand with their private data – a common modern worry.
Instead of “do this, or you will get hacked” the approach should be “do this, and you will perform better at that… while not getting hacked”.
2. Rewards and Incentives
Additionally, a focus on integrating rewards and incentives instead of fear has proven to be successful for some companies. For example, inspiring employees to embrace a new cybersecurity tool with the approach of “whoever is the best at this new software at the end of this quarter gets a bonus”.
Fear and threats hurt employees’ confidence and self-esteem, and even produce bitterness or anger. Rewards, on the other hand, result in improved productivity, more gratitude, and stronger loyalty.
Closely related to the previous point, gamification is another alternative approach companies should consider applying in their adoption of new cybersecurity security measures instead of using fear.
An organization’s cybersecurity strategy can be broken down into small steps with a corresponding point system such that whatever progress employees make is measured, recognized and rewarded in real-time. This not only makes the adoption of the new measures more engaging but more effective too.
Need help putting together a cybersecurity strategy that’s not rooted in fear?
Call the experts at ASB Resources to guide you through the process. We have all the necessary insights, tools and resources to protect your company from cyberattacks. Schedule some time with us today!