Cybersecurity: when preventive culture becomes the best corporate shield
Since 2018, Chile has been celebrating National Cybersecurity Month in October, an initiative that seeks to strengthen and promote digital security and digital culture.
Chile's continued progress in cybersecurity has paid off. Last September, Chile moved up to 19th place in the world in the NCSI ranking, which measures countries' cybersecurity preparedness, maintaining its leadership in Latin America. This is thanks to the approval of the Cybersecurity Framework Law, which has increased our level of compliance in this area, making us one of the most digitised countries in the world.
However, despite the above, Chile faces a worrying rise in attempted cyber-attacks, from 6 billion in 2023 to 27.6 billion in 2024, which shows that there are still many challenges to be addressed in terms of prevention and early detection of cybersecurity incidents.
While it is important to have backups, business continuity plans and disaster recovery plans in place, investing in technology and experts alone is not enough. Reports in recent years show that human error, with human vulnerability acting as the gateway, is responsible for more than 95% of cybersecurity incidents, and that 55% of companies in Latin America have suffered cyber incidents, including data breaches.
A cyber-attack or security breach can have consequences for companies that go beyond the loss of information. For example, a denial of service could bring critical systems to a standstill, preventing the company from producing, selling or providing service for days, resulting in millions of dollars in losses.
In addition, a cyber-attack that exposes personal and/or confidential data causes a loss of confidence among customers, investors, partners and suppliers, devaluing the company's digital reputation, an asset that today is worth as much as or more than a financial asset, and that could take years to rebuild.
This is why it is vitally important to create a culture of prevention and digital education within companies, as the lack of preparation makes workers the most vulnerable link in the corporate defence.
How do we create a culture of cybersecurity?
In an organisation, promoting a culture of cybersecurity means training and raising awareness, through initiatives focused on workers and collaborators.
Companies must foster habits, responsibility and effective communication across all areas, not only in the IT department.
This takes the form of multiple actions and efforts, such as:
- Train and raise awareness among all employees, through regular training sessions that include everyone from top management to operational staff
- Conduct phishing drills and interactive exercises
- Encourage incident reporting
- Establish robust information security policies, with clear and easy-to-apply language
- Implement comprehensive protection technologies, etc.
- Appoint a cyber security officer or manager
- Align culture to regulatory frameworks
Fostering a culture of corporate cybersecurity reduces risks and vulnerabilities, improving early detection capabilities and enabling early response to incidents. This not only maintains the availability of services, but also preserves the trust, integrity and availability of data for employees, customers, partners and investors.
Thus, transforming security into a shared value promotes interdepartmental collaboration and coordinated incident management, which facilitates decision-making based on timely and secure information.
In the end, information security should not be seen or conveyed as a burden, but as an equally shared practice that brings multiple benefits and ensures trust and security for all.