Many executives recognize cybercrime as a business risk. But only 36 percent of organizations in an EY study say that cybersecurity is involved from the planning stage of new business initiatives.
The problem? Adding technologies or services – such as a third-party cloud service – can introduce new threats to the organization, adding risk that it may not be prepared for.
To mitigate risk effectively, organizations must foster a culture that evolves their cybersecurity function to a more integral role in the business. And it starts, as they say, at the top.
What is a cybersecurity culture – and why do you need one?
In too many companies, the importance of cybersecurity is misunderstood – even underestimated – by the lines of business, and even operations like finance.
No longer just a back-office “problem,” a company’s cybersecurity effectiveness directly impacts the business.
Still, 48% of organizations in the EY study referenced earlier say their board does not have a full understanding of their cybersecurity risk – and nearly half lack confidence in their cybersecurity program.
An executive-led commitment to a better, more collaborative relationship between the business and the security team is critical to bridging this gap. It begins with helping employees in all areas of the business understand the benefits of being a more secure organization, as well as the potential impacts of insufficient security.
It’s more than just establishing awareness, though. Secure operational practices must be followed, and must permeate day-to-day activities across the organization, from top to bottom.
How is this level of commitment to security attained? It must be woven into the fabric of a company and the attitude of its employees through the establishment of a strong cybersecurity culture – the set of shared principles, ideas, processes, and training that communicates, influences, and guides enterprise-wide behavior in order to protect the company’s information and digital assets.
A cybersecurity culture is, according to Forbes, “the most important element in an organization’s security strategy.”
It’s everyone’s responsibility
Cybersecurity tools and technologies alone aren’t enough to keep criminals at bay. Employees play a big part too, and a strong cybersecurity culture can help reinforce their collective responsibilities, behavior, and commitment to keeping your organization safe.
If you don’t have a cybersecurity culture (you’re not alone!), or need to strengthen an existing one, follow these 7 tips:
While adjusting the culture and behavior of your organization from top to bottom is not a simple – or quick – task, it’s worth the effort. Use the tips above and take that first step toward a safer organization today. A strong cybersecurity culture is a crucial component of your overall strategic cybersecurity plan, and one that will actively contribute to reducing risk and improving your organization’s security posture.
Ben leads global security operations for SilverSky, including our SOCs in Europe, Asia, and North America.