Global losses from security breaches, including lost productivity, are forecast to double from $3 trillion per year in 2015 to $6 trillion per year in 2021, according to analyst firm Cybersecurity Ventures. This means organizations must consider building a cyber aware culture. This can be a major commitment when many organizations are expected to do more with less. Resources must be spent developing, implementing, and monitoring a cyber awareness program. Employees will spend time on initial training and, further, incorporating these procedures into their everyday work. How do we determine a safety net versus a road block? We must find balance.

In a cyber-aware environment, there may be a requirement to submit a request for new software versus having the ability to install software on their own. What’s the loss of productivity in this scenario? Well, it’s possible a project may be postponed while waiting on the software approval and installation. What’s the benefit? A fully vetted software installation is much less likely to have malware that could lead to an organization-wide shutdown. Often, malware is contracted through “drive-by” downloads. Also, when the IT team controls the installations, they know the software exists on the network and can be proactive in handling security patches, further protecting the network.

In a new cyber security effort meant to protect the organization from phishing, the IT team blocks all outside email with links and attachments. This will certainly limit the risk of a phishing attack, but at what cost to productivity? If sales employees cannot be sure they are receiving all communications with clients or the HR department cannot receive resume attachments or links to LinkedIn profiles, how can they do their jobs at all?

As the cyber threat grows, the benefit of a cyber awareness program increases. But there still must be balance. If technology is too restrictive, productivity will dwindle as employees are unable to complete certain tasks or their creativity is stifled. This is why awareness is so important. Rather than only limiting access via technology, you must educate and empower your users to make smart decisions. Find the balance of access and education that allows your organization to flourish while staying protected online.