How internal communications plays a vital role in workplace cyber security

Cyber security ranks highly for many businesses, even more so than improving the customer experience, increasing employee productivity and enabling digital transformation according to a 2022 survey by the Enterprise Strategy Group. This article will explore why cyber security is so important for businesses, what it means for internal communicators, and how internal communication specialists can effectively share cyber security messages.

Why is cyber security so important?

Cyber security is the state or process of protecting and recovering computer systems, networks, devices, and programs from any type of cyber attack.

A cyber security breach will impact each organisation differently depending on the timing of the attack, duration of the attack and which industry the business operates in. However, common impacts of a cyber security breach include:

  • Loss of reputation. Customers and stakeholders lose trust and are unlikely to do business with a company that has been breached, especially if it impacted customers’ data
  • Theft. This includes stolen data, logins, intellectual property and more.
  • Financial losses. A data breach report by IBM states the average cost of a data breach in 2021 is $4.24M, up 10% from 2019
  • Fines. Depending on where your business operates, monetary penalties may apply too. In the EU there’s a 20 million fine for breaching General Data Protection Regulation (GDPR) rules

To put the importance of cyber security into context, Microsoft spends $1 billion on cyber security every year, and American investment bank JPMorgan Chase spends over $600 million each year. Recently the New Zealand government has budgeted hundreds of millions of new funding for cyber security resilience.

person logging into laptop using mobile phone as a 2FA

Phishing remains the most popular method of cybercrime because it exploits human nature.

What does cyber security mean for internal communicators?

Internal communicators play an important role in educating the workforce on the importance of cyber security, the company’s cyber security policies and what to do in case of a data breach.

Spending more on cyber security without aligning it to the wider business doesn't guarantee a safer organisation. Research from Accenture shows that the companies that perform best against cyber threats adopt a holistic approach to cyber security. This means strong collaboration between security officers and the right executives to gain a 360-degree view of the business risks and priorities.  

As an internal communicator, you play an important role in bridging the gap between the IT department and the rest of the business. You help them get their cyber safety messages out there and receive feedback. As a result, the IT department will have a clearer sense of purpose and better align cyber security with the wider business goals.

How to communicate about cyber security to the workforce

You don’t want vital messages about cyber security to be buried in an inbox or lost on the company intranet. Instead, here are nine tips on how to communicate the importance of cybersecurity to employees to make sure they follow through and stay safe against network threats.

1. Understand the fundamentals of cyber security

13% of businesses believe that internal communicators should add cyber security to their list of skills. Understand the fundamentals of safety, security, and privacy to effectively support cyber security measures across your business.

 2. Start communicating about cybersecurity during onboarding

Set good cyber safety habits from the start. Onboarding is a great opportunity for you to educate new employees on cybersecurity best practices (such as setting a password for the computer), and company cyber security policies so new employees know what to do in the event of a breach.

person sitting at his computer working from home

An unsecure computer connected to the internet can become a target of more than 2,000 cyberattacks daily.

3. Create a single source of truth for all your cyber security content

Do you have a dedicated IT channel on a workforce communications platform or a page on your intranet where your workforce can access information directly and resolve their issues? Having a single source of truth for all your cyber security content removes confusion, streamlines onboarding, and stores critical information. Here are some cyber security content ideas:

  • How-to resources. Educate employees on how to identify phishing emails and more
  • Important IT documents. This includes cyber security policies and best practices
  • Tips and tricks. Educate employees on cyber safety, malware and more

4. Communicate over multiple channels

A person needs to see a message seven times to remember it, and 17 times to act on it. Communicate cyber security messages over many communication channels such as:

  • e-Learning courses
  • Email updates
  • Screensavers
  • Bite-sized messages on workplace digital signage screens
  • Lunch-and-learn sessions with your IT team
  • Intranet sites

Launch a cyber security program in 2 minutes

Want cyber security content to share with your workforce? Vibe.fyi offers a free cyber security program (and fun quiz) you can easily share on workplace digital signage, screensavers or web browser home pages.

Learn more about our cyber security program

5. Highlight the positive cyber security behaviours of top executives

As with many internal messages, it needs to be driven from the top. Ask company leaders to model the right cyber security behaviours to exemplify the importance of cyber security. Some ideas include sharing their experience with a cyber attack, or how they maintain a security-conscious mindset.

6. Celebrate and communicate your cyber security successes

It’s not all doom and gloom when it comes to cyber security. It’s important to let your workforce know what is working! For example, if an employee does the right thing and reports a phishing email to the IT department, share the success.

woman at her desk, smiling and looking at a tablet

In a 2021 Deloitte survey, over 40% responded that transformation and hybrid IT were the most difficult parts of cybersecurity management. 

7. Sustain the communications

Cyber security is not a one-and-done campaign. Continue to drip-feed communications throughout the year and amplify your messages when it’s time for compliance training.

8. Make learning fun

Cyber security quizzes are a fun way to test how much cyber security knowledge your workforce retained. For example, if you have a bring-your-own-device policy, you could run a quiz to make sure staff know and understand the rules for using their phone at work. You can also put together a survey and reward participation with prizes.

Preview of the vibe.fyi cyber security program quiz

Unlock free cyber safety content with our fun cyber security quiz

9. Keep messages positive

Keep communications positive. Staff will tune out very quickly if your messaging is fear-driven, too length or dull. To create internal communication messages that boost employee engagement, your messaging needs to have these five characteristics to be unforgettable.


screenshot of Vibe/'s cyebr security program slide

A look at Vibe.fyi's free cyber security program content featuring bite-sized messages

More articles

How internal communications plays a vital role in workplace cyber security

Graphic Designers and Brand Guardians: Answers to your Vibe.fyi Questions

Webinar: The ultimate hack for getting cut through with a hard-to-reach workforce