Business leaders know the value of a strong security culture but are struggling to define and implement with the speed of the market.
This is among the findings of a study titled “The Rise of Security Culture”, commissioned by KnowBe4 and conducted by Forrester Consulting, which polled 1 161 respondents who have managerial duties, or higher, in security or risk management.
Key findings include:
* Security is a business priority, with 94% of respondents saying security culture is important for business success.
* Security culture is not universally defined. Respondents were split into five different groups, all with similar, but different, definitions of security culture.
* Decision-makers are overconfident in their current security cultures. 92% of security leaders said they have embedded security culture in their organisations; however, these same leaders are still experiencing security incidents and have yet to merge their security strategies with their overall business strategies.
* Strong security culture will yield high customer satisfaction. 63% percent of respondents expect an increase in customer trust as a result of a strong security culture, and over half expect it to increase their brands’ value.
“KnowBe4 has the most data on security culture of any organization globally and this is the beginning of our efforts to develop even more research related to security culture,” says Perry Carpenter, chief evangelist and strategy officer at KnowBe4. “It’s our goal to help security leaders understand not only the nuances related to what security culture actually entails, but also to provide practical strategies for understanding how their security culture compares to that in other organizations, and what they can do to elevate their culture.”
Kai Roer, security culture advocate at KnowBe4 and MD of CLTRe, comments: “As someone who has built an entire organisation based on security culture, I can appreciate many of the facets of building and maintaining a successful security culture within an organisation.
“This study has shown us that a strong security culture is a business priority that leaders are still working to accurately define. Perhaps the most surprising finding from the study was that business principles, not risk mitigation, are the main motivation for building a strong security culture.”