What are positive security decisions and why do they matter?

On a daily basis, employees (and contractors) are faced with hundreds of decisions they have to make that impact the security of your organization. Choices they make, such as avoiding malicious phishing attempts, reporting suspicious emails, properly using a password manager and responsibly handling sensitive information have significant impact on your organization’s attack surface - think of it as the "human attack surface"
Capturing and benchmarking these decisions and categorizing them as positive and negative security decisions is a huge step forward in strengthening an organization's security posture. Negative security decisions your employees make are the source of nearly 90% of cyber beaches. Therefore, influencing positive security decisions is the single most powerful and efficient cyber defense your organization can mobilize. They help increase the effectiveness of your security investments and reduce the need for extraneous security training and technology.