These comments from the director of the National Cybersecurity Centre at a recent event are interesting. It's a widely repeated saying that people are the weakest link, but Ian Levy strongly rejects it here.
Perhaps the real problem is in fact the complexity of human interactions with computer systems and the way that the IT industry tries to solve problems. It's certainly easier to blame 'people'.
Could bringing in people from the wider business in to the security conversation improve the outcome?
“Cybersecurity professionals have spent the last 25 years saying people are the weakest link. That’s stupid!” he said, “They cannot possibly be the weakest link – they are the people that create the value at these organisations. “What that tells me is that the systems we’ve built, as technical systems, are not built for people. Techies build systems for techies, they don’t build technical systems for normal people.”