Security has to be sold to users of IT systems in the same way as consumer goods and services, says Mark Hughes, managing director of security at BT.
"Unless they are persuaded that IT security is a good them for them personally, their organisation and its customers, they cannot be relied upon to follow policy," he said.
People are as important to IT security as the technological controls that any organisation has put in place, said Hughes.
"If people do not understand why IT security is important to them, technological security controls will fail, he said.
Employees within any organisation need to be reminded continually using a variety of channels of their IT security obligation and why it is important, said Hughes.
"Many of the horror stories of data losses featured in the media could have been avoided by better educating people about security," he said.
Hughes is to explore some of the successful security awareness strategies used at BT at the inaugural Human Factors in Information Security Conference in London, from 22-24 February.