Skip to main content
close search
site logo
Dive Brief

95% of companies report cybersecurity culture disconnect

Published Oct. 26, 2018
Samantha Schwartz's headshot
Samantha Schwartz Reporter
CC0 Public Domain Free for commercial use No attribution required Pexels

Dive Brief:

  • About 95% of organizations believe there is a minor or significant gap between their current and desired cybersecurity culture, according to ISACA's Cybersecurity Culture survey of about 4,800 international business and technology professionals. 
  • About 80% of organizations are currently undergoing employee training and communicating behavioral policies to improve their cyber culture. Obtaining cybersecurity certifications for cyber professionals is less of an immediate priority. Half of respondents plan to pursue certifications over the next 12 months.
  • Desirable cybersecurity culture is prevented by a lack of employee buy-in for 41% of organizations and disparate business units for 39% of organizations, according to the report.

Dive Insight:

The human part of cybersecurity is as important as the tech side. But nothing can get done without cultural buy-in.

Employees sometimes stand as the only line of defense if a phishing email gets missed by a filter. Less than 10% of cybercrimes occur outside of email, making an untrained or negligent employee a prime target for malicious actors. Cybersecurity experts will always include employee training and awareness as a fundamental step in security.

The report says companies can help convey their security policies to employees when they: 

  • Define security protocols for new employees during their onboarding process.

  • Customize security training by technical difficulty and departmental risk profiles.

  • Create contact points for mock drills for employees to perform during a cyberattack.

To implement successful culture hacks, CIOs need to find vulnerable parts in their company's culture and plug in small changes, said Kristin Moyer, distinguished VP analyst at Gartner, while speaking at the Gartner Symposium, last week in Orlando, Florida.

CIOs who invest in small culture hacks prove change requires "low effort but they are not low courage," she said. By 2021, CIOs will be as responsible for cultural changes as HR. This helps cultivate a sense of shared responsibility for security and eliminate a checkbox mindset, according to the report.  

Line of business employees should be pulled into the conversation around cybersecurity. Cultivating an inclusive security culture that reaches beyond an organization's security team can bridge the gap between employee involvement and a desired cyber culture.

Recommended Reading

Filed Under: Security, Leadership

Editors' picks

Company Announcements

View all | Post a press release
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
Legion Technologies Partners with Vail Resorts to Expand Workforce Management Across 37 Resort…
From Legion Technologies
November 19, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell