With our modern dependence on technology and security, everyone knows how crucial security is and how it must be embedded into everything an organisation does. When a security culture is sustainable, it transforms security from a one-time event into a lifecycle that generates security returns forever. This is Cyber Security Culture Development.


Why do companies need cyber security culture?

Businesses investing heavily in cybersecurity often base their investments on technology, but don’t sufficiently attend to the human side of it, which remains the top cybersecurity risk for many organisations.


Cyber criminals most frequently attack organisations using phishing emails and similar tactics, which makes employees within the organisation the first line of defence that needs to be strengthened. Our focus is on the human aspect, as we must remember that it is humans who click on phishing emails, not the computers or applications. Access to the organisation’s computers, networks and systems is also routinely through its employees, so they must play a major role in building defence and resilience to cyber threats. This will be accomplished through Cyber Security Culture Development.


The organisation’s culture plays a major role in determining the organisation’s cyber security posture. Employees need more than being given policies without any explanation while routinely being told to change their passwords. Employees don’t put their organisation at risk on purpose, and developing the required culture requires training and guidance with regard to cyber crime.


Organisations need to work on building their cyber security culture. They need to spend more time explaining and raising awareness with their employees about possible cyber risks and their implications, enforcing safe cybersecurity procedures that will assimilate easily with their daily work routines and practices, and showing them how their behaviour can help or hinder the entire organisation’s structure, from their solutions and products to third-party vendors.


Why is Cyber Security Culture Development Hard?

Lack of employee buy-in

In organisations that focus on developing cybersecurity awareness, we still find that not all individuals understand their role within the organisation’s security culture. Awareness is normally high within IT and security teams, but these are only a small part of the larger organisation. This lack of buy-in by the majority of the organisation’s workforce is one of the main reasons it’s difficult for organisations to inculcate a proper cybersecurity culture in their workforce.


An organisation’s security training often means being shown a video or a presentation, with no interaction, so the employees cannot be blamed for any lack of awareness. The security training needs to be an interactive and engaging experience that will strengthen their role in the organisation’s security posture.


Lack of executive buy-in

When we think in terms of cybersecurity culture, we need to include management and the executive leaders as well. They all play a collective role in an organisation’s cybersecurity resilience. Unfortunately, leaders and managers are often excluded, which creates a lack of buy-in from their side and is another obstacle for an organisation needing to develop a healthy cybersecurity culture.


Security training that brings employees, managers and executives together is necessary, and a must for opening up the dialog. All can share their experiences and explore the different threats they experience in their roles, which provides better input to cybersecurity awareness from across the different levels of the organisation.


In Conclusion

A sustainable cybersecurity culture in the workplace will enable employees to learn to understand their role in keeping the organisation safe. Employees will accept responsibility and help you work quickly and effectively to remove any threats. The human factor may be the weakest link in security practices and is at the core of all cybersecurity issues. But you can up your chances against cyber threats by investing in your employees and making that weakest link your strongest asset.


If you would like to find out more about Cyber Security Culture Development, Planning and Security Awareness Training, then contact us.


Contact De Morgan Intelligence Cyber & Risk Management