IT disaster recovery, cloud computing and information security news

Few enterprises manage to achieve the cybersecurity culture that they require

With cybersecurity threats continuing to escalate worldwide, a recently published ISACA and CMMI Institute report states that just 5 percent of enterprises’ employees think that their organization’s cybersecurity culture is as advanced as it needs to be to protect their business from internal and external threats.

For the ‘Cybersecurity Culture Report’ more than 4,800 business and technology professionals shared their insights in a global survey conducted via online polling in June 2018.

Cybersecurity culture is a workplace culture in which security awareness and behaviors are seamlessly integrated into everyone’s daily operations, as well as a strategic executive leadership priority. In a threat-ripe environment, an effective cybersecurity culture can help employees understand their roles and responsibilities in keeping their organizations safe and customer data secure. However, just 34 percent of respondents say they understand their role in their organizations’ cyber culture.

Companies must take an all-hands-on-deck approach to counter cyberattack threats, the report summarizes.

Widespread employee involvement correlates strongly with the minority of organizations that have achieved strong satisfaction with their cybersecurity culture. Nine in ten employees (92 percent) at these organizations say that their C-level executives share an excellent understanding of the underlying issues, which may be why they include their employees so well; 84 percent of employees at these organizations say they understand their role in cybersecurity.

Other key findings from the survey include:

  • Many organizations lack the first - and all-important - step toward a cybersecurity culture: 42 percent of organizations do not have an outlined cybersecurity culture management plan or policy.
  • Aligning the entire workforce with the organization’s cybersecurity policies requires significant capital: organizations that report a significant gap between their current and desired cybersecurity culture are spending just 19 percent of their annual cybersecurity budget on training and tools; organizations that believe their cybersecurity culture is where it is supposed to be are spending more than twice as much (43 percent).

To download the complimentary survey report, visit www.isaca.org/cybersecurity-culture-study



Want news and features emailed to you?

Signup to our free newsletters and never miss a story.

A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.