Cyber governance – the human factor


Graham Croock | Director | CyriskCo Advisory

Cyber and information technology security governance refers to the system by which an organisation directs and controls IT security and, to a large extent, involves decision making to mitigate cyber risks.

By definition, this implies that cyber governance determines who is authorised to make decisions regarding the adoption of frameworks and the design and implementation of effective controls, which to a significant extent rely on continuous human involvement.

Cybersecurity is a human problem since it is a system and technology problem, not only in terms of strategy but also in ensuring that organisations are taking a human-centric approach to enhance cyber and information security controls.

People dynamic

Cyber and information security risks do not merely revolve around devices and security solutions. While some believe information security (Infosec) teams are the gatekeepers for all aspects of cybersecurity, it is, in fact, all employees who play a crucial role in keeping an organisation safe.

Effective cyber governance requires that the human factor receives significant attention, to ensure that employees are familiar with potential security threats and remain committed to the control environment and the associated policies, processes and procedures required to mitigate the risks continuously and effectively.


Corporate IT infrastructure, cybersecurity, and corporate governance requirements have become incredibly complex and continue to evolve.

The intricacy brought about by rapid


Read the full article by Graham Croock, Director, CyriskCo Advisory, as well as a host of other topical management articles written by professionals, consultants and academics, in the April/May 2021 edition of BusinessBrief.
