Few employers have a culture that supports cybersecurity
- Nine in 10 organizations said the cybersecurity cultures they have aren't like the ones they want, according to the Cybersecurity Culture Report. The poll of 4,800 business and technology professionals also found that only 5% of organizations think their organizations' cybersecurity cultures are as advanced as they should be to protect against internal and external threats. The report's creators, the Information Systems Audit and Control Association (ISACA) and its enterprise, the CMMI Institute, describe a cybersecurity culture as one that incorporates cybersecurity into all of an organization's operations.
- Other study results show that in organizations with high employee involvement in cybersecurity, 92% of respondents said C-level leaders have and share an excellent understanding of underlying cybersecurity issues. But 42% said their organizations lack a specific cybersecurity culture management plan or policy. Organizations with a gap between what they have in a cybersecurity culture and what they want spend 19% of their cybersecurity budget on tools and training, while those with cultures that are more supportive of cybersecurity spend far more (43%) on tools and training.
- The study concluded that there's a correlation between company-wide employee involvement and organizations' satisfaction with their cybersecurity culture.
While cybersecurity may seem like an IT-only issue, a modern company requires HR and IT to work together on training employees and drafting cybersecurity policies to truly make security part of a company's culture.
A Clutch report released in May showed that nearly half (47%) of employees don't acknowledge their employers' cybersecurity policies. Clearly, having a policy isn't enough; company-wide communication and training are needed and more critical now, with the rise in security breaches.
Employers shouldn't rely solely on password changes either; some organizations are turning to biometrics for an extra layer of security. Others are starting to use simulation to teach employees how to recognize breaches and lessen the damage attacks can have on IT systems.
Employees are typically on the front lines when security breaches occur. Unsuspecting workers are caught off guard and unprepared. To remedy that, a Harvard Business Review report advises employers to keep cybersecurity policies user-friendly and simple for employees.
- ISACA and CMMI Institute The Cybersecurity Culture Gap: An ISACA and CMMI Institute Study
- HR Dive The key to cybersecurity education? Simulation programs