The wave of hacks affecting a number of domestic companies continues. In 2024-2025, the number of ransomware attacks on Russian business increased by 44%, and only 49% of the identified vulnerabilities were promptly eliminated. At the same time, most companies (up to 80%) admit that the actions of employees are one of the main sources of risk. This shows that training employees in cyber literacy and simple business processes (changing passwords, MFA, updates, protecting contractor chains) is one of the foundations of business cybersecurity. These measures can reduce risk by 40%, yet they are still often ignored. How can a corporate security culture prevent attacks and protect a company?
What’s going on?
In 2025, the average amount of losses incurred by a company from a single cyber attack is up to 14 million rubles for small businesses, up to 140 million rubles for medium and up to 2 billion rubles for large holdings. The probability of bankruptcy of the company within six months after a cyber attack is 60%, 30% and 5%, respectively.
In addition to the costs of remediating the consequences of cyber attacks, a business may face additional financial losses due to legal requirements – fines, compensation and other sanctions for violating the rules on protecting the corporate perimeter and personal data. For example, fines for leakage of personal data under 152-FZ “On Personal Data” reach 5 million rubles for legal entities.
What’s the reason? Spoiler alert: lack of regular staff training for cyber literacy
According to a number of studies, in most cases – up to 80% – cyber attacks become possible due to the actions of company employees, be it mistakes, negligence or non-compliance with the rules. The main reason for this low cyber literacy is the lack of systematic training of personnel in the basics of information security. Ransomware, phishing emails, social engineering and the takeover of accounts that lack two-factor authentication are the techniques cybercriminals use most often against corporate users.
An effective way to reduce risk is to regularly improve the cybersecurity skills of employees. As the methods of criminals are continuously improved, it is important to systematically update employees’ knowledge of the rules for processing, storing and transferring confidential information.
What to do?
Employee cyber literacy is a skill to be trained. The most effective way is to create a culture of digital security in the company. Security is no longer seen solely as a technical issue; it has become part of senior management’s strategic planning.
When an incident occurs, it is important to teach, not to punish immediately. If an employee falls for a phishing trick for the first time, this is not a reason for disciplinary action but for a detailed analysis of the case and additional training of the team. An atmosphere of openness and mutual trust is extremely important: employees should not be afraid to admit a mistake, because the sooner an incident is detected, the faster specialists can take the necessary measures.
Where to start?
- Development and implementation of information security regulations: all aspects of interaction with the company’s systems and information handling should be regulated in detail. Particular attention is paid to the rules of remote work, including mandatory data encryption and limiting the use of third-party clouds.
- Training and modeling: employees should take courses on the basic principles of digital hygiene, learn to recognize signs of phishing and properly handle passwords.
- “Zero trust”: access to the company’s resources is given only after checking the identity and access rights every time, and not once at the entrance. Even “own” employees and services are authenticated and authorized as strictly as external ones. By limiting access rights, the business reduces the likelihood of internal violations and accidental data loss.
- Consistency: An effective cybersecurity system requires regular vulnerability analysis and employee training. The key condition for success is an ongoing educational process.
One general training for everybody is not enough. It is necessary to take into account the characteristics of each department and the level of responsibility of employees. Developers and top managers require a different approach and level of awareness, but basic literacy should be available to every employee, regardless of position.
In addition, modern attacks are evolving, so the knowledge and skills of personnel also need constant updating. Specialized platforms for raising employee cybersecurity awareness are useful here.
Process organization: life hacks
The training process should be carried out in stages:
- Briefings and materials for beginners.
- Regular testing to confirm the acquired knowledge.
- Training in new types of risks and repeating previously studied material.
The most important aspect of employee motivation is the awareness of personal responsibility. Many managers successfully apply material incentives, increasing the interest of employees in compliance with safety standards. However, penalties can only be applied when the company has all the conditions for observing digital hygiene. This includes not only personnel training, but also a stack of necessary solutions to ensure information security.
Business cybersecurity solutions
- Firewalls
These devices or programs act as “filters” between your network and the external environment. They check all incoming and outgoing Internet traffic, blocking everything that looks suspicious.
- SIEM systems for collecting data on cyber threats (Security Information and Event Management)
This is software that serves as the “surveillance center” for company security. The system collects data from all devices, analyzes it and looks for signs of attacks that are difficult to notice manually, including suspicious actions of employees. This speeds up threat identification, so you can respond to threats before they cause serious damage.
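The correlation described above, as an added example that is not code from the article or from Notamedia.Integrator: two SIEM-style rules run over constructed authentication log lines (hypothetical user names, RFC 5737 test addresses, and an assumed `user=… src=… result=…` line format). The first rule catches a run of failed logins followed by a success, the second a successful login at night; neither is easy to spot by reading the log by hand.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (hypothetical users, documentation-range IPs); not real data.
SAMPLE_LOGS = """\
2025-03-10T08:00:01 vpn-gw auth user=ivanov src=203.0.113.7 result=FAIL
2025-03-10T08:00:04 vpn-gw auth user=ivanov src=203.0.113.7 result=FAIL
2025-03-10T08:00:07 vpn-gw auth user=ivanov src=203.0.113.7 result=FAIL
2025-03-10T08:00:10 vpn-gw auth user=ivanov src=203.0.113.7 result=FAIL
2025-03-10T08:00:13 vpn-gw auth user=ivanov src=203.0.113.7 result=FAIL
2025-03-10T08:00:20 vpn-gw auth user=ivanov src=203.0.113.7 result=OK
2025-03-10T09:15:00 vpn-gw auth user=petrova src=198.51.100.22 result=OK
2025-03-10T09:16:30 vpn-gw auth user=sidorov src=198.51.100.40 result=FAIL
2025-03-10T09:17:00 vpn-gw auth user=sidorov src=198.51.100.40 result=OK
2025-03-11T02:41:09 vpn-gw auth user=petrova src=192.0.2.99 result=OK
"""

# Assumed log format; a real SIEM would use a parser per log source.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth user=(?P<user>\S+) "
    r"src=(?P<src>\S+) result=(?P<result>OK|FAIL)$"
)


def parse_events(text):
    """Turn raw lines into dicts sorted by time; non-matching lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])


def detect_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Alert when a (user, src) pair accumulates >= threshold failures inside
    `window` and then logs in successfully: password guessing that worked."""
    alerts = []
    failures = defaultdict(list)  # (user, src) -> timestamps of recent FAILs
    for e in events:
        key = (e["user"], e["src"])
        # keep only failures still inside the sliding window
        recent = [t for t in failures[key] if e["ts"] - t <= window]
        if e["result"] == "FAIL":
            recent.append(e["ts"])
            failures[key] = recent
        else:
            if len(recent) >= threshold:
                alerts.append({"rule": "brute_force_success", "user": e["user"],
                               "src": e["src"], "failures": len(recent),
                               "at": e["ts"]})
            failures[key] = []  # a success resets the counter for that pair
    return alerts


def detect_off_hours_login(events, start_hour=22, end_hour=6):
    """Alert on successful logins between 22:00 and 06:00: a possibly stolen
    account, or an employee working outside policy, that reviewers would miss."""
    alerts = []
    for e in events:
        h = e["ts"].hour
        if e["result"] == "OK" and (h >= start_hour or h < end_hour):
            alerts.append({"rule": "off_hours_login", "user": e["user"],
                           "src": e["src"], "at": e["ts"]})
    return alerts


def run_rules(text):
    """Parse once, run every rule, return the combined alert list."""
    events = parse_events(text)
    return detect_brute_force(events) + detect_off_hours_login(events)


if __name__ == "__main__":
    for alert in run_rules(SAMPLE_LOGS):
        print(alert)
```

On the sample data the first rule fires for `ivanov` (five failures in twelve seconds, then success) and the second for `petrova` at 02:41; `sidorov`, with a single typo before a good login, stays below the threshold. The threshold and window are the knobs a SOC tunes to keep false positives manageable.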
- DLP (Data Loss Prevention Solutions)
DLP controls critical data, monitoring who uses it and how, and making sure that it does not leave the company without permission – for example, by mail, in a messenger or on a USB flash drive. If someone tries to transfer confidential information, DLP records this and can block the transfer.
- PAM systems for controlling internal users and contractors (Privileged Access Management)
It acts as a “double-lock safe” for valuable systems and sensitive company data. It controls who gets access with admin or other extended rights and records all actions of such users.
- EDR products for protecting user devices and servers (Endpoint Detection & Response)
Designed to detect and block malicious activity on company devices: employee computers, servers, IoT devices, and so on.
- SOAR solutions for automated incident response (Security Orchestration, Automation and Response)
This is a “coordinator and automatic assistant” for the cybersecurity team. It combines all security tools into a single system, performs simple actions on incidents (for example, blocks access or sends notifications) and helps specialists respond faster to threats.
- Anti-virus software
A required security element. It detects and blocks malware, but today it is seen as part of a tiered security system, not the only tool.
Cybersecurity is not a one-time action. This is a strategic process that requires, first of all, the initiative of top management and the constant development of employee skills. Given that new threats appear every day, workers must regularly replenish their knowledge base. Companies are increasingly using special platforms for regular training: short lessons and informational digests are received by staff every week, allowing them to maintain up-to-date knowledge without interrupting the main work processes.

By Alexey Vlasov, Partner and Commercial Director of Notamedia.Integrator