Improving cybersecurity culture: A priority for CISOs this year

A recent study by TechTarget’s Enterprise Strategy Group and the Information Systems Security Association (ISSA) showed that many Chief Information Security Officers (CISOs) believe that organizations have a long way to go in establishing appropriate cybersecurity cultures. Cybersecurity culture (CSC) is defined as the knowledge, beliefs, perceptions, attitudes, assumptions, norms, and values of people regarding cybersecurity and how they manifest themselves in people’s behavior with information technologies. CSC encompasses familiar topics including cybersecurity awareness and information security frameworks, but is broader in both scope and application.

According to the study, CISOs believe that cybersecurity culture is inextricably linked to security best practices in threat prevention, detection, and response. When asked about improving their organization’s cybersecurity program overall, 60% of the CISOs surveyed stated that they should strive to create a better cybersecurity culture throughout the organization. This highlights the importance of cybersecurity culture as a necessary component for achieving an organization’s overall mission.

The research also reveals that getting executives and the board more involved in cybersecurity decision making and oversight, increasing the cybersecurity budget, and improving security hygiene and posture management are all components of a strong cybersecurity culture. It’s worth noting that while more than one-third of CISOs rate their organization’s cybersecurity culture as advanced, 34% claim their cybersecurity culture rates as average, and 30% rank their organization’s cybersecurity culture as fair or poor.

Unfortunately, this seems to highlight a disconnect between CISOs and other business executives when it comes to cybersecurity culture. The study also found that CISOs have often worked for organizations that knowingly ignored security best practices or regulatory compliance requirements. More than two-thirds of CISOs responded that they had worked for at least one such organization, compared with 57% of all other respondents.

The data indicates that fostering a strong cybersecurity culture is crucial to building a healthy security program. The European Union Agency for Network and Information Security (ENISA) defines cybersecurity culture as promoting cybersecurity as a necessary component for achieving an organization’s overall mission. However, as the research findings show, there is still a lot of work to be done in establishing appropriate cybersecurity cultures within organizations.

Overall, the study emphasizes the need for organizations to prioritize cybersecurity culture in order to improve their cybersecurity program. This includes getting executives and the board more involved in cybersecurity decision making, increasing the cybersecurity budget, and improving security hygiene and posture management. With cybersecurity threats becoming increasingly sophisticated, a strong cybersecurity culture is a foundational element for organizations to ensure their security practices effectively prevent, detect, and respond to threats.
