1. Learn home
  2. Cyber Security Pathway
  3. Drive

Drive

Add to favourites

The Drive pathway is for anyone involved in leading and influencing change across services and organisations (e.g. senior managers, service or programme leads). By developing the content in Embed, this pathway focuses on how cyber security concepts can be threaded through ways of working to drive change in organisations.

The Drive Pathway
Triangles increasing in size with a line through them to represent a pathway. The third triangle is blue and the rest are grey.
Step 1 - Supporting Staff
Reflect
Start this step by reflecting on how you think staff in your organisation feel about cyber security. Do you think they are generally quite confident, or not? If not, why might this be?
Group of people sitting round a table looking at a whiteboard
Read

This article presents some of the findings from a recent survey which looked at workforce understanding of cyber security.

 Although based on NHS staff, the points in the article will still be relevant to any type of health or social care organisation: 

Link: 60% of NHS staff want more cyber security training, finds study

Task
Formulate a list of key questions that you could use to understand how staff in your organisation feel about cyber security, then use this information to inform how your organisation can provide support for staff going forwards. 
Step 2 - Leading a Cyber Secure Culture
Question
What leadership behaviours or actions have you observed to effectively promote cyber security?
Read

Leaders are often in a position to champion a culture of cyber security awareness and vigilance so that it permeates every level of an organisation. This guidance explains how leaders can go about this:

Link: The Crucial Role of Leadership in Fostering a Culture of Cybersecurity

Four people standing against a wall looking at a laptop and smiling
Question
Open communication is discussed as a crucial component of effective cyber security practice. What can you do within your role to build an environment where staff feel comfortable to ask questions and come forward with any cyber security concerns?
Step 3 - Cyber Security Toolkit (New)
Reflection
How are cyber risks discussed in your team, department and organisation? Is it viewed as a strategic risk and discussed at senior leadership or board level?
Man using finger to operate phone with hologram emerging
Read

Explore the ‘Cyber Security Toolkit for Boards’ from the National Cyber Security Centre (NCSC), which provides practical guidance to help senior leaders understand and govern cyber risk within their organisation.

Link: Cyber Security Toolkit for Boards | National Cyber Security Centre - NCSC.GOV.UK   

Task

Read the Cyber Security Board Toolkit: Executive summary and consider how cyber resilience and risk management are currently embedded in your organisation’s structure, systems and culture. 

Then review the Board Toolkit: Questions for the board to ask about cyber security and identify which questions would be most important for leaders in your organisation to discuss and address. 

Explore Further

To further develop your understanding of Cyber Governance, Resilience and Risk Management,  consider reviewing the Cyber Security Shape Pathway - Step 2: Cyber Governance Training for Leaders 

Step 4 - Lessons Learnt: Scottish Environment Protection Agency
Read 

In 2020 the Scottish Environmental Protection Agency (SEPA) was the target of a major cyber attack. After the attack, SEPA commissioned independent reviews to allow others to learn from their experience in order to better protect themselves against cyber crime. 

Link: SEPA's response and recovery from a major cyber-attack

3 people working together with a laptop on the table in front of them
Question

In addition to the recommendations outlined, the report also highlights what worked well as part of SEPA's response. 

  • What can you learn from this that may support your own organisation's cyber threat responses?
Step 5 - The Future of Cyber Crime
Read

As digital technologies evolve around us, so do the tools and software of cyber attackers. It's therefore important to consider how we can future-proof our approach to cyber security. Have a look at this article which presents some emerging cyber security threats:

Link: The Future Of Cybersecurity: Emerging Threats And How To Combat Them

Question

Whilst artificial intelligence (AI) innovations bring great opportunities, they may also increase exposure to cyber risk. 

  • How can you ensure that AI solutions implemented across your organisation are developed with consideration of cyber security?
Digital devices on a table shown from overhead
What Next?

You have now completed the Drive pathway. 

Graphic of envelope with an @ sign coming out of it

Pathway Update Notifications

You can access this Pathways Update Notifications Form to register to receive email notifications when pathway content is updated or new resources are added. 

Checklist with a tick in the corner

Feedback

To share any comments or questions you have about the pathway, please use this Feedback Form. You can also let us know if any of the links aren’t working, or the resources aren’t available.

triangles increasing in size with a line through them to represent a pathway and arrow pointing left

Click here to go to the homepage 

triangles increasing in size with a line through them to represent a pathway and arrow pointing right

Click here to move onto the Shape Pathway