UK NCSC unveils cybersecurity culture principles to boost organisational resilience, tackle security culture gaps

The U.K. National Cyber Security Centre on Wednesday published six cybersecurity culture principles developed through extensive research with industry and government partners. The principles define the cultural foundations essential for building a cyber-resilient organization and offer guidance on how to cultivate that environment. They are intended to support leaders and cybersecurity professionals in creating conditions where secure behaviours can take root and endure. The principles also draw attention to how weak or misaligned cultures can lead to poor security outcomes, and encourage organizations to view such outcomes as symptoms of deeper cultural issues that require attention.

Recognizing that people are vital to cybersecurity, Kate R, a sociotechnical lead at the NCSC, wrote that “Every day they make decisions that impact cyber, from reporting a phishing email to choosing strong passwords to ensuring their software is up to date. NCSC research has shown that people’s ability to support security is closely linked to the health of their organization’s culture around cyber.”

Cybersecurity culture reflects the shared understanding of what is…
