In the ever-evolving realm of cybersecurity, change is both inevitable and essential. As organizations adopt new protocols and technologies, understanding the nature of resistance to change becomes paramount. Interestingly, this resistance isn’t a new phenomenon. Looking back on insights from a 1969 Harvard Business Review article highlights the enduring nature of resistance to change. While our tools and strategies have evolved over time, the human response to change remains remarkably consistent. This article will explore just how timeless this issue is and will offer strategies for overcoming resistance to change in cybersecurity initiatives.

Implementing New Protocols

Introducing new cybersecurity measures often involves significant shifts in processes, technologies, and behaviors. Many organizations encounter resistance during these transitions. Naturally, humans tend to resist change, especially when it comes to areas as crucial as cybersecurity. This resistance can be even more pronounced due to the profound impact on daily work and technology usage.

A Look Back: The Timeless Nature of Resistance

In the course of our research for this post, we stumbled upon a striking article from the Harvard Business Review. Authored by Paul R. Lawrence, the piece titled “How to Deal with Resistance to Change” offers a fascinating glimpse into the business challenges of 1969. While the writing style is distinctly of its time, the core message resonates even today.

Lawrence observes,

One of the most baffling and recalcitrant of the problems which business executives face is employee resistance to change.

This sentiment feels eerily familiar to today’s business leaders, especially those grappling with “quiet quitting” and the challenges of reintegrating employees into office spaces after extended periods of remote work. Lawrence elaborates:

Such resistance may take a number of forms—persistent reduction in output, increase in the number of ‘quits’ and requests for transfer, chronic quarrels, sullen hostility, wildcat or slowdown strikes, and, of course, the expression of a lot of pseudological reasons why the change will not work.

In today’s context, the rapid advancements in digital transformation, AI, and other technological innovations have only magnified the challenges of change. Yet, some things remain constant. The intrinsic human need for stability, the value we place on our work relationships, and the discomfort we feel when familiar dynamics are disrupted. Addressing these deeply human concerns is as vital in our era of rapid technological evolution as it was over five decades ago.

Digging Deeper: The Essence of Resistance

Lawrence notes,

Resistance is usually created because of certain blind spots and attitudes which staff specialists have as a result of their preoccupation with the technical aspects of new ideas.

This is seen in today’s resistance to change in cybersecurity initiatives as:

  • Fear of the Unknown: The unfamiliar can be daunting, leading to hesitation and apprehension.
  • Complacency: The mindset of “If it isn’t broken, why fix it?” continues to be a barrier to progress.
  • Tech Challenges: Adapting to new tools and systems remains a challenge.
  • Workload Worries: The prospect of additional responsibilities can deter individuals from embracing change.

The Bigger Picture: Embracing The Human Element

Lawrence writes,

We may sometimes wish that the validity of the technical aspect of the change were the sole determinant of its acceptability. But the fact remains that the social aspect is what determines the presence or absence of resistance.

This insight underscores that while a change may introduce measurable benefits, realizing these benefits hinges on acknowledging the human element. Recognizing and addressing this human aspect is pivotal.

In terms of overcoming resistance to change in cybersecurity initiatives, people who work in cybersecurity often speak of building a “human firewall,” meaning training your staff to turn your greatest vulnerability into your greatest protection.

Proactive Measures: Navigating the Resistance

Lawrence continues with:

The fact remains that the social aspect is what determines the presence or absence of resistance. Just as ignoring this fact is the sure way to trouble, so taking advantage of it can lead to positive results. [emphasis added]

This translates into the context of overcoming resistance to change in cybersecurity as:

  • Clear Communication: Articulating the vision and goals behind changes ensures everyone understands their role in the broader picture.
  • Listen and Address Concerns: Open channels for dialogue to address apprehensions, reducing resistance.
  • Inclusion: Engaging everyone fosters a sense of collective responsibility.
  • Rewards and Incentives: Recognizing efforts shows appreciation for adaptability.
  • Training: Equip teams with knowledge, ensuring alignment, and helping them navigate the transition.


Cybersecurity change management is a continuous journey. By genuinely involving employees, respecting their relationships, and understanding the human side of change, organizations can navigate the challenges of digital transformation more effectively. If your organization seeks guidance in this realm, AccountabilIT is here to assist. We have partnered with KnowBe4 to bring our customers a world-class managed Security Awareness Training program that is designed and implemented with the human element in mind. Reach out to learn more.