With a growing number of threat sources and successful cybersecurity attacks, organizations find themselves in a tricky spot if they wish to survive cyberspace. Oftentimes, the adversaries are not the challenge; the obstacle is the organization’s culture. Just like culture influences who we are as a people, culture influences the cybersecurity tone of an organization. Every organization has its own unique fit and feel. Unfortunately, the fit and feel of an organization’s culture is not always positive.

With the understanding that cybersecurity is still a relatively new concept to many, people and organizations often fail to see cybersecurity as an enabler of business objectives. Instead, cybersecurity is often thought of as a roadblock, prohibiting the organization from reaching its goals. This negative perception of cybersecurity results in business units avoiding cybersecurity or finding ways to circumvent it. With that said, aligning security with risk management frequently leads to higher acceptance amongst the organization.

The Perception of Cybersecurity

Many organizations place a greater emphasis on technology, leaving the human aspects of cybersecurity to be overlooked. Therefore, its crucial to place a stronger focus on culture. Establishing a cybersecurity culture can influence risk-based decisions and create the perception that security is a benefit to the business rather than an obstacle. Although organizations work diligently to improve cybersecurity awareness, network defense and threat detection, the greatest protection may originate from an effective risk-based cybersecurity culture.

Each member of the organization contributes to the cybersecurity culture in some way. The concept of cybersecurity culture is based on knowledge, perceptions, views and how they manifest themselves in human behavior with technology. Ultimately, the purpose of a cybersecurity culture is to create an optimized social and psychological framework to support cybersecurity initiatives that are aligned to the strategic mission and business objectives.

Cybersecurity and Risk (Read more...)