Despite increased investment in cybersecurity behavior, as well as a greater emphasis on employee awareness, cyberattacks remain a threat to Financial Services Sector (FSS) organizations. At least in part, this is due to the challenge of aligning the cyber behaviors of employees with cybersecurity best practices. One possible avenue for resolving this challenge is to focus not just on employee awareness, but also targeting individual cyber hygiene behavior of employees, contractors, and third-party suppliers in FSS organizations.
Based on five key operational elements, the Capstone team developed a rewards-based pilot program that captures an individual’s cyber hygiene. The first element is the CyberHygiene Effectiveness (CHE) Score which measures individual employee cyber behaviors. The second is the set of processes used for adjusting, normalizing and supplementing the CHE Score, allowing FSS organizations to have the flexibility to adjust the CHE Score as their requirements dictate. The third is a privacy regime, which makes individual CHE Scores portable between organizations. The fourth is a role-based financial incentive model which links an individual’s CHE Score to their CHE Incentive Rewards – financial payments used to encourage improved cyber behaviors as measured by the CHE Score. Finally, the first four elements are joined together using gamification elements, encouraging employee engagement and generating competition to pursue higher CHE Scores.