Still Only Human: Well-prepared employees remain middle-market companies’ best defense against attacks by hackers.

Businessman drawing a circle around people icons - Marketing and consumer target groups conceptIn Michael Gold’s commentary, “Still Only Human,” published in the July 18, 2016 edition of the Los Angeles Business Journal, he writes:

“Cybercrime cost the world economy about $500 billion in 2015 and this year’s numbers will be even higher. The cost of data breaches is projected to reach $2.1 trillion globally by 2019. Worldwide spending on information security is estimated to have been $77 billion last year. In the midst of these astounding numbers, the role of the “human factor” gets lost. This is a frightening fact.”

Large companies can spend a small fortune on cyber defense. But Gold points out that cybersecurity is not just a “tech” issue – it is a “human” issue, as well. One careless or uninformed employee can click on a link that gives hackers access to sensitive personal and financial data, as well as a company’s vital intellectual property.

With more than 60 percent of all data breaches hitting middle market companies, Gold asserts that these companies may actually have an advantage over larger companies when it comes to cybersecurity. With fewer layers between management and line personnel, middle market companies can exercise better control over how its people use computers and the internet and deploy solutions more quickly.

He encourages middle market companies to create a “human firewall”, and writes:

“Major hacks have a common element – the ‘human factor.’  But we don’t focus nearly enough on the defining role humans play at every step in the breach lifecycle. Viewing humans as a crucial element of cybersecurity conflicts with the common perception that cybersecurity is a ‘tech’ problem that has a ‘tech’ solution and the equally common and utterly false belief that ‘regular’ people just can’t be taught this stuff.”

For more on this topic, see:

Middle-Market Companies Require a Customized Approach for Successful Cybersecurity

Why Companies Need a Cybersecurity Training Program


Michael A. Gold is the co-chair of the Cybersecurity and Privacy Law Group at Jeffer Mangels Butler & Mitchell LLP. Known for both legal expertise and an understanding of technology, he works with Boards of Directors, C-Suite executives and IT directors to address cyber risks. He advises clients on domestic and international requirements for information privacy and security. He represents companies in complex litigation and arbitrations, including class action defense actions connected with data breach and privacy claims. Contact Michael at or +1 310.201.3529.