Media Center


Creating a Cybersafe Workplace Culture

Lacy Rex September 19, 2023

The news has been full of cyberattacks recently – and they’re not just targeting small companies.

MGM Resorts faced a large cyberattack that had caused the company to lose an estimated 10-20% of revenue per day the company’s systems were down across the country.

Competitor Caesars Entertainment faced a similar cyberattack, but the company is rumored to have paid a $15 million ransom to the cybercriminals behind the attack to avoid disruptions.

Clorox, the popular maker of cleaning products, warned that an August 2023 cyberattack will lead to product shortages in the near term.

The list goes on and on.

In fact, cyberattacks are on the rise, and 90 percent of security leaders say their organization is falling short in addressing cyber risk. And while corporate leaders understand the importance of developing a cybersafe workplace culture to combat the problem, few know how to make it happen.

At Oswald, we have guided our clients to adopt a strategic process around managing cyber risk and have provided numerous educational and training opportunities.

Still, we have found the most important tool in fighting malicious cybersecurity bad actors is the employees of the organization. It’s important to routinely shine a light on cybersecurity for all employees so they understand the importance of cyberattacks, ranging from financial threats to reputational damage.

A 2021 study found that 44 percent of corporate security incidents were caused by employees who fell victim to phishing scams. To address the issue, companies should provide regular training sessions for all employees to help them spot a phishing attempt and avoid falling prey to the scam.

Employers also should instill the value of a cybersafe culture. Reward employees for completing training sessions and provide incentives when potential attacks are reported to the IT team.

Corporate leaders who invest in cybersecurity set the vision that this is an important initiative for all employees. All companies should have an Incident Response Plan as part of their Strategic Cyber Plan. When a cyberattack occurs, and it will, your company will be able to activate the plan to respond quickly and efficiently.

Last year, Oswald led the “Cyber Protection Webinar Series: Hygiene, Incident and Breach Response,” that is now available on demand as a reference for cyber security planning. The four-part cyber series reviews cyber security from an insurance, legal and technical perspective. The panel discusses current potential threats, the importance of cyber insurance, and the protocols to follow that can help your business avoid or overcome cyber and ransomware attacks. To conclude the series, the team leads a cyber tabletop simulation of what to do in the event of a cyberattack.

For more information, visit our Cyber Risk page or contact:

Lacy RexLacy Rex
VP, Cyber Strategic Leader
Oswald Companies



This post was originally published in October 2022; updated September 2023.