The cultivation of a security aware culture is vital to ensure successful cyber and information security. According to the PGI/Harvey Nash 2016 cyber security survey, 49% of respondents said that such a culture is lacking in their organisations.
Nearly three quarters of senior information security professionals surveyed said that the creation of such a culture is a vital part of ensuring that an organisation has effective cyber security measures in place. Without such a culture, the danger posed by insider threats rises greatly, mostly as a result of employee accidents such as opening harmful emails which download malware. The company itself will also be an easy target for hostile actors, with repercussions that could seriously harm the organisation both financially and in terms of reputation.
According to the survey, 54% of Chief Information Officers (CIO) and 48% of Chief Technology Officers (CTO) were classed as being ‘very well informed of risks’. In comparison, only 27% of Chief Executive Officers (CEO) and 25% of Chief Operating Officers (COO) were classed as well informed. The Board meanwhile was rated lowest for their risk awareness with just 17%.
With nearly half of organisations lacking a cyber aware culture it appears that many are happy to talk the talk but not walk the walk when it comes to cyber security.
Ambition Outpaces Actuality in Developing Security Aware Cultures
Creating a cyber security aware culture is the responsibility of an organisation’s leadership. If executives and the board are not willing to learn how to create such a culture, or to invest in creating it, then it is almost certain that such a culture will not be made.
The survey also reveals that Chief Information Security Officers (CISOs) are working hard to try and make sure that their superiors are aware of the risks. It seems that a lack of knowledge and/or an unwillingness to spend cash on the creation of a security aware culture is the reason for such a high number of organisations lacking such a culture.
56% of the senior information security professionals that took part in the survey said that they were concerned that their organisation does not have an effective budget when it comes to information security and 37% of respondents said that the lack of budget threatens their ability to prepare for and respond to security incidents.
Over a third of the senior information security professionals that took part in the survey said that their organisation suffered a ‘business-affecting information security incident’ over the last year. 73% of respondents said that their organisation had experienced social engineering and phishing attempts. 53% reported a virus or malware outbreak. Almost a quarter experienced a DoS or DDoS attack. These figures highlight just how important having a cyber aware culture is.
The education of executives and board members is key if organisations are to create a cyber security aware culture and introduce an effective budget to tackle cyber threats.
Educational courses such as PGI’s Executive Cyber Awareness Course teach leaders and managers of organisations to grasp the business critical issues of cyber security. By understanding what needs to be done to reduce risks, an organisation’s leadership can take appropriate and effective action.