Implementation of cybersecurity changes will always create an abrasive reaction among employees and higher-ups. With employees, they are comfortable with the current technology, despite the vulnerabilities in place. Cybersecurity changes in technology force them to put in more work in accessing applications, or overall tasks, which creates a feeling of annoyance or working from the ground up again. Higher management dislikes the change due to perceiving it as a cost that doesn’t produce anything to generate more revenue. Furthermore, both groups lack a deep understanding of cybersecurity and will have less incentive to like the change due to not understanding what it may do.

To mitigate these reactions, I feel that the best action would be to educate both groups on basic cybersecurity knowledge, what the changes will affect, and how it is beneficial to the organization. Educating employees on cybersecurity will inform them of basic risks to look out for and having them be involved with testing the changes made to applications can help maintain workflow. For higher management, educating them on the larger costs that come from a lack of cybersecurity practices or data breaches will be an effective method for informing them and creating incentives to invest in more practices. Overall, education on cybersecurity practices, changes, and benefits, is necessary for improving the responses to technology changes within an organization.

https://staysafeonline.org/resources/cybersecurity-its-more-than-it/