By: Nataliia Stashevska, CBAP
Abstract
Digital literacy is the foundation of cybersecurity in public and financial sector organizations. Effective learning management, integration of IT Operations, information security, and HR processes, as well as the application of business analysis methods, help minimize the human factor and increase organizational resilience to cyber threats. The article examines analytical approaches to assessing employees' digital maturity and personalizing training programs. The author's experience is used to illustrate the practical significance of such methods.
The modern digital landscape is characterized by rapid technological development and increasing complexity of cyber threats. According to a Mimecast study (2024), up to 95% of data breaches are related to human errors, with only 8% of employees responsible for 80% of incidents. These data highlight the need for a systemic approach to developing employees' digital literacy as a key factor in reducing organizational vulnerabilities.
Digital Transformation in the Public Sector
The implementation of digital services requires training end-users, especially in government institutions with high regulatory requirements. Training programs must consider legal specifics, varying levels of digital literacy, and access management processes.
For example, during the implementation of electronic court systems in one of the projects, I organized training for judges and administrative staff. It is important that such programs are scalable and sustainable, for example through coordination with professional academies and councils, which allows increasing the digital maturity of the system at the national level.
Cybersecurity in the Financial Industry
Compliance with NYDFS Cybersecurity Regulation (23 NYCRR 500) requires the integration of training processes with IT Operations, information security, and HR departments. Analysis of business requirements, access management, and coordination between units reduce operational risks and increase organizational security.
One project showed that implementing change management practices and integrating business analysis into security processes improves the effectiveness of cybersecurity.
Digital Literacy and Cybersecurity
Digital literacy is not only the ability to use technology but also the capacity to recognize and effectively counter cyber threats. Research by Hancock and Tessian (2023) shows that 88% of data breaches are linked to user errors. The shortage of qualified specialists and the increasing complexity of their roles (Mimecast, 2024) make systematic training a critical factor.
Insufficient staff preparation leads to phishing attacks, data handling errors, and security procedure violations. Therefore, strategic training and assessment of employees' digital maturity become key tools for risk reduction.
The Role of Business Analysis in Training and Risk Reduction
Business analysts help to:
- collect and analyze data on the current level of digital literacy and security incidents;
- identify critical areas for skill and awareness improvement;
- develop personalized training programs based on employees' roles and experience;
- integrate training with information security policies, HR processes, and IT Operations;
- manage changes (change management) to foster a cybersecurity culture.
In my practice, such approaches have proven effective in both the public and financial sectors, helping to reduce the human factor as a source of incidents.
Interdepartmental Interaction and Change Management
Collaboration between key departments (security, IT Operations, and HR) is critical for effective training and risk reduction. Change management ensures process coordination and adaptation of training to organizational structure and regulatory requirements.
Special attention is paid to the correct exchange of employee identification data and access management, which minimizes errors and increases process transparency.
A comprehensive interdisciplinary approach to developing digital literacy through business analysis, change management, and interdepartmental collaboration significantly increases organizational cybersecurity. Practical project examples demonstrate that analytical methods and personalized training strategies have real value in reducing operational and informational risks.
References
Mimecast. State of Email Security 2024. Mimecast Threat Intelligence Report, 2024.
Hancock, J., Tessian. Human Factor in Cybersecurity: Error Rates and Training Effectiveness, 2023.
International Monetary Fund (IMF). Global Forecasts of Cybercrime Damage, 2024.
New York Department of Financial Services. 23 NYCRR 500 - Cybersecurity Requirements, 2017.
Verkhovna Rada of Ukraine. Law of Ukraine "On Access to Court Decisions", 2005.
Prosci. ADKAR Model for Change Management, 2021.