Cyber Resilience: Why Cybersecurity Is About Culture as Much as Technology

In the post-pandemic world of work, robust cybersecurity defenses are more crucial than ever.

That is not saying anything that most of us don’t know, but it is worth repeating. The pandemic has accelerated digital transformation, making us all much more reliant on online tools and services than we were just two years ago.

In our profession, we have seen a significant shift to using cloud-based bookkeeping software, and our clients expect to be able to contact us over Zoom, Teams or chat, as well as in person. We store more critical data in digital strongrooms, either in the cloud or on in-house servers.

Across the corporate world, reputations, revenue and even the futures of businesses rely on being able to keep that information safe. That is not an easy task. Cybercriminals are a determined foe.

Doing the simple things - every time

However, as determined as the criminals are, the reputation of cybercrime can sometimes exceed its reality. Cybercrime is rarely rocket science. The things you need to do to foil most attackers are actually quite simple - you just need to do them again, and again, and again.

That means not just investing in an enterprise-grade firewall, but making sure it is always updated to the latest version. It means backing up data on a daily basis. It means buying and applying Virtual Private Network (VPN) licenses for employees connecting to your network remotely, and making sure they use them.

And perhaps most of all, it means making caution routine. Deleting an email that contains a link you don’t recognize once is not enough. You have to avoid clicking suspicious links every time you encounter them, from now until forever.

That is a tough ask, because it requires constant vigilance. Drop your guard on just one occasion and the hackers might be in.

The holistic approach to cybersecurity

That stark truth is confirmed by statistics. A recent report found that 85% of data breaches have a human aspect (source: Verizon, Data Breach Investigations Report 2022). The average cost of a data breach, meanwhile, is an eye-watering USD 4.24 million according to IBM (source:

How do you avoid the calamity of a major cybersecurity incident? It takes a holistic approach, which certainly includes technology, and might require third-party support.

Our cybersecurity practice, for example, operates a rapid response unit, which has a formidable reputation for forensically investigating security breaches and containing threats before significant damage can be done.

Education is your first line of defence

But whatever else you do, your cybersecurity strategy absolutely must include employee education. In one telling study, 61% of employees failed a cybersecurity quiz, and 60% of those who failed said they felt safe from online threats (source: cybersecurity survey).

That sort of misplaced confidence can be as big a threat to your organization as an unpatched server. Cybersecurity training should now be compulsory for all employees, as part of a process of continuing learning. Annual refresher courses should cover at least the basics, from recognizing phishing attacks and securing mobile devices to connecting securely to your network from outside the office.

Or to put it another way, cybersecurity needs to become a habit. Your resilience to cyber attacks depends on the continuous vigilance of every member of your organization.

So put the tools in place, from firewalls and antivirus software to intrusion detection and prevention systems. But remember that cyber resilience is as much about instilling a culture of caution as it is about investing in the latest technology. As an organization, you are only as strong as your weakest link.



