The recent ISACA-CMMI Institute cybersecurity culture research illustrates the accomplishments and gaps in organizations’ cybersecurity culture. The survey-driven research focuses on culture and continuous improvement, both essential components of a successful cyber risk management program.
In this blog post, I will highlight some of the survey’s findings and then discuss ways you can improve your organization’s cybersecurity culture.
Some positive steps I noticed:
- 75% of organizations are getting management more involved with cybersecurity culture
- Most organizations can identify business benefits realized through better cybersecurity
- 87% think that better cybersecurity would improve profitability or viability
Some gaps:
- 60% of organizations do not have very successful employee buy-in
- 42% of firms do not have a cybersecurity culture plan
- 55% think the CISO owns cybersecurity culture
Achieving a strong cybersecurity culture requires action on many fronts: people, process, technology and outside partners. Culture is people and process. Technology and outside partners are supporting players. Details matter. It’s great that most organizations are…