Cybersecurity essentials for project and programme managers

With cybercrime projected to cost the world $10 trillion by 2025, according to Forbes, cybersecurity is a critical concern for organisations across all industries. Project and programme managers play a vital role in ensuring that projects are delivered on time, within scope, and on budget. However, they must also ensure that these projects are secure from cyber threats, especially when the World Economic Forum estimates that 95% of breaches are due to human error.

With the increasing complexity of technology and the growing sophistication of cyber-attacks, project and programme managers need to be well-versed in cybersecurity best practice.

Cybersecurity in project management

Cybersecurity is no longer the sole responsibility of IT departments. As digital technologies become increasingly integrated into business operations, project and programme managers must consider cybersecurity as a fundamental aspect of their roles.

Failing to incorporate cybersecurity into project management can lead to significant risks, including data breaches, financial losses, and reputational damage.

Cybersecurity risks for project teams

Project and programme managers need to be aware of several key cybersecurity risks that can impact their projects:

  • Data breaches: Unauthorised access, theft, or exposure of sensitive project data can have serious consequences, including legal liabilities and loss of customer trust
  • Ransomware: Attacks can encrypt, and increasingly also steal, critical project files and demand payment for their release or non-disclosure, leading to delays and potential financial losses
  • Phishing: Cybercriminals often target project teams with phishing emails or social engineering tactics to gain access to sensitive information
  • Insider threats: Employees or contractors with malicious intent or who inadvertently compromise security can pose significant risks to a project
  • Third-party risks: Projects often involve third-party vendors and partners, who may introduce additional cybersecurity vulnerabilities

Understanding these risks is the first step for project and programme managers in safeguarding their projects.

What are the cybersecurity essentials for project and programme managers?

To effectively manage cybersecurity risks, project and programme managers should adopt the following essential practices:

Incorporate cybersecurity into project planning

Cybersecurity should be integrated into the project planning phase, not as an afterthought but as a core component. This should include a thorough risk assessment that considers the type of data being handled, the technology stack, and the potential impact of a security breach.

During the project planning stage, it also helps to define specific security requirements and objectives for the project. These should be aligned with the organisation's overall cybersecurity policies and industry best practice.

It is also important that the project budget includes provisions for cybersecurity measures, such as encryption tools, security software, and training for team members.

Create a framework for cybersecurity

A cybersecurity framework provides a structured approach to managing and mitigating cyber risks. Project and programme managers should work with cybersecurity experts to develop a framework that includes access controls to protect sensitive project data, ideally with multi-factor authentication (MFA), and encryption of data both in transit and at rest so that it remains protected even if cybercriminals intercept or steal it.

It’s also important to establish procedures for regular security audits and continuous monitoring of project systems. This helps to detect and respond to potential threats in real time.

Manage third-party risks

Projects often involve collaboration with third-party vendors, partners, or contractors. These relationships can introduce additional cybersecurity risks. With this in mind, it’s important to conduct thorough due diligence on all third-party vendors to ensure they have robust cybersecurity measures in place, including reviewing their security policies, certifications, and past security incidents.

It also helps to include specific cybersecurity requirements in contracts with third parties. This may involve clauses related to data protection, incident response, and security audits.

Develop an incident response plan

Despite best efforts, cybersecurity incidents can still occur. Having a well-defined incident response plan is crucial for minimising damage and recovering quickly. Start by building an incident response team responsible for managing any cybersecurity incidents. This team should include IT, legal, communications, and project management representatives.

This team should be instrumental in developing clear procedures for responding to different types of cybersecurity incidents, such as data breaches, ransomware attacks, or insider threats. These procedures should include containment, eradication, recovery, and communication steps, followed by a post-incident review so that lessons learned are fed back into the plan.

Adopt agile cybersecurity practices

The rapidly changing cybersecurity landscape requires a flexible and adaptive approach. Project and programme managers should adopt agile cybersecurity practices to stay ahead of emerging threats.

Project professionals can do this by engaging in proactive threat-hunting activities to identify and mitigate potential risks before they impact the project. It is also important to regularly review and update cybersecurity measures to address new threats and vulnerabilities. This may involve adopting new technologies, revising security policies, or enhancing training programmes.

Grow team awareness and training

As mentioned above, human error accounts for an estimated 95% of breaches. Project and programme managers should prioritise cybersecurity training and awareness for their teams by running regular training sessions for all team members, focusing on common cyber threats, safe online practices, and the organisation's security policies.

Phishing simulations can also be helpful to test the team's ability to recognise and respond to phishing attempts. Use the results to identify areas where additional training may be needed.

Finally, fostering a culture of open communication regarding cybersecurity is crucial. Encourage team members to report suspicious activities or potential security breaches without fear of retribution.

Support your project team with cybersecurity training

Bolster your defences against cybercrime with ILX’s cybersecurity training. From introductory courses to advanced certifications, our training can support your team at every level.