It is usually said that cybersecurity is only as strong as the weakest link – in most cases, that link is human.
Cyber threats are an everyday reality. Attackers are moved by money or other evil intent, and evolved into well-organized, professional, determined organizations, driving an economy which is expected to exceed $10 trillion in 2025. The recent evolution of large language models (LLMs) and the generative AI (Gen AI) revolution boosted cyberattacks’ precision and efficiency, making prevention more difficult.
In the U.S. alone, the FBI reported the annual damage from cybercrime increased by 33%, rising to $16 billion in 2024. The vast majority of data breaches are down to human failure, from phishing and scam to the misconfiguration of systems and appliances, the mishandling of information or storage devices, and the manipulation by bad actors.
However, if the human element is the weakest link in cybersecurity, it’s also the area where the right solution can have the biggest impact. Technology should come first: a security-by-design approach is absolutely needed when developing and implementing any digital system, and a human-centered approach can offer significant potential for information security within private and public organizations.
But technology is not enough. It should be integrated by strong initiaties to improve the cyber awareness of people and turn them into the first line of defense against cyber threats.
This is particularly important for city leaders, who are responsible for managing complex urban ecosystems and delivering public services to citizens. They need to be aware of the potential threats that can affect their operations, assets, and reputation, and foster a culture of security among their staff, partners, and stakeholders, ensuring that everyone follows best practices and complies with the relevant standards and regulations.
Acknowledging the human element is such critical for cybersecurity, cities are increasingly implementing cyber awareness programs to educate their employees and share appropriate security policies and practices. That’s a good way to enhance the resilience and trustworthiness of digital services and smart city applications, and ultimately improve the quality of life of their communities.