The cultivation of a security aware culture is vital to ensure successful cyber and information security. According to the PGI/Harvey Nash 2016 cyber security survey, 49% of respondents said that such a culture is lacking in their organisations.
Nearly three quarters of senior information security professionals surveyed said that the creation of such a culture is a vital part of ensuring that an organisation has effective cyber security measures in place. Without such a culture the threats posed from insider threats rises greatly, mostly as a result of employee accidents such as opening harmful emails which download malware. The company itself will also be an easy target for hostile actors with repercussions that could seriously harm the organisation both financially and in terms of reputation.
According to the survey, 54% of Chief Information Officers (CIO) and 48% of Chief Technology Officers (CTO) were classed as being ‘very well informed of risks’. In comparison, only 27% of Chief Executive Officers (CEO) and 25% of Chief Operating Officers (COO) were classed as well informed. The Board meanwhile was rated lowest for their risk awareness with just 17%.
With nearly half of organisations lacking a cyber aware culture it appears that many are happy to talk the talk but not walk the walk when it comes to cyber security.
Ambition Outpaces Actuality in Developing Security Aware Cultures
The issue of creating a cyber security aware culture is the responsibility of an organisations leadership. If executives and the board are not willing to learn how or invest in creating a culture then it is almost certain that such a culture will not be made.
The survey also reveals that Chief Information Security Officers (CISOs) are working hard to try and make sure that their superiors are aware of the risks. It seems that a lack of knowledge and/or an unwillingness to spend cash on the creation of a security aware culture is the reason for such a high numbers of organisations lacking such a culture.
56% of the senior information security professionals that took part in the survey said that they were concerned that their organisation does not have an effective budget when it comes to information security and 37% of respondents said that the lack of budget threatens their ability to prepare for and respond to security incidents…Click HERE to find out more about this article