Using Organisational Culture to Improve Cyber Security

Blog / Using Organisational Culture to Improve Cyber Security

We consistently recommend that you build a resilient business where cyber-security a priority. But what does organisational culture have to do with improving cyber-security? As most managers and CISOs know, one of the least static areas of business is cyber security. That’s because more than half of the fraud in the UK is conducted online. Therefore, in light of mounting attacks, it’s important to increase awareness at the company level. Plus, to ensure your cybersecurity policies are effective, you must get buy-in and action from all levels of staff. When you do, you can use organisational culture to improve cyber security.

The State of Cyber Crime Heading Into 2020

The National Audit Office has confirmed what we already know – that the UK has a high level of exposure to and potential impact from cyber-attacks. This stems from the UK’s role in international organisations, such as NATO, and the openness of our digital economy. Because we have “one of the world’s most open and most digital economies” we are “vulnerable to attack from hostile counties, criminal gangs and individuals.” (House of Commons Report: “Cyber Security In the UK 2017-19’”)

Operating in the current cyber threat landscape is difficult. The risks are multifaceted and we’re finding organisations are navigating an increasingly complex cyber threat environment. As the EESC’s Cybersecurity Study outlines, these risks affect:

  • Business continuity
  • Intellectual property
  • Personal integrity
  • Professional integrity

So, now more than ever you must consider all these areas and more when building your cybersecurity plan.

Cybersecurity culture in the workplace

Cybersecurity is everybody’s business because everyone loses out when a company is affected by a cyberattack. We care about the role of employees because careless and unaware employees are too often contributors to the success of cyber threats.

You can start the cybersecurity process by creating the policies and frameworks just like the government agencies we work with. They are developing national frameworks for a policy and legal foundation for a resilient cyber-ecosystem. You should do the same on a micro-level in your company.

However, unless you have the active involvement of staff, your efforts may not offer the ROI on your security investment that you expect. So, you want a system where cybersecurity practices are integrated seamlessly into everyday jobs.

It is a delicate balance to improving security and getting company buy-in without alienating employees in the process. Too often, the approach taken to implement security changes neglects employee involvement, by failing to acknowledge the importance of staff in the implementation and ongoing execution. There are best practices that organisations can and should adopt. But it also means tailoring your security protocols to your unique business needs.

In a resilient business culture, information security is seen as everybody’s business. In this environment, the culture you foster minimises insider threats. It also encourages employees to identify threats and actively respond to vulnerabilities. Crucially it starts with executives supporting the initiatives of their CSOs and CISOs. It’s about institutionalising security training programmes, which helps to develop better cybersecurity habits in employees and staff.

Using Organisational Culture to Improve Cyber Security

To be blunt, an organisation’s cybersecurity culture determines how secure the company or agency is. When cybersecurity is a part of your company’s culture, it will increase the level of integration in your employees’ activities at work and elsewhere.

So, it’s time to build a more-agile-than-ever IT organisation. Improving employee practices starts with the cybersecurity professional at your disposal, and the security culture at your workplace.

Let’s build long-term strategies that evolve and respond to changing threats. Today.

Register if you want to learn about cybersecurity and technology.

You can unsubscribe in one click, and we'll never share your email address.

Fancy reading something else - what takes your fancy?

atlassian ciso crime culture cyber insider-threat malware security