
By Matthew T. Carr
Organizations with strong cybersecurity cultures experience fewer cyberattacks and recover faster than others.
Related: Deploying human sensors
This results from emulating the culture building approaches of high-risk industries like construction that devote sustained attention to embedding safety throughout the organization.
For most organizations, building a cybersecurity culture is a necessary evil rather than a cherished goal. Prioritizing security means desirable cultural norms like openness, trust building, creativity, efficiency, and risk-taking might suffer.
Until a decade ago few organizations needed a cyber security culture. If the security industry catches up with adversaries, then the need for a cybersecurity culture will eventually fade away. Few will miss it.
Cybersecurity culture is a subset of the overall corporate culture. It harnesses beliefs and values to promote secure behaviors by employees in everyday work activities.
Model culture
Cybersecurity culture is necessary today because routine actions such as opening emails, responding to customer requests and using productivity software can put the organization at risk for ransomware and data breaches.