3. Cognition: This involves the understanding, knowledge, and awareness of security issues among employees.
4. Communication: It denotes the quality of communication channels used to discuss security events, foster a sense of belonging, and offer support for security-related matters and incident reporting.
5. Compliance: This dimension assesses employees’ familiarity with written security policies and the degree to which they adhere to them.
6. Norms: It refers to the awareness of and adherence to unwritten rules of conduct within the organization.
7. Responsibility: This dimension gauges how employees perceive their role in either upholding or compromising the security of the organization.
Security culture in Europe
Organizations prioritizing the establishment and upkeep of a security culture will encourage notably heightened security awareness behaviors among their employees. Examining this further, research has shown that organizations in Europe have a good understanding of security culture as both a process and a strategic measure. However, many have yet to take their first tactical steps toward achieving that goal. Those who have done so realize that shaping security behaviors is essential in developing a security culture. These organizations acknowledge that in a proactive security culture, employees have an inherent understanding that security behavior extends beyond participating in phishing simulations – the employees are intrinsically motivated to add to the security posture of their respective organizations.
Delving deeper, smaller European organisations score higher in security culture due to more effective personal communication, stronger community bonds and better support for security issues. This naturally leads to enhanced Cognition and Compliance, with improvements in communication channels posited as a key driver for better security policy understanding and proactive security behaviours that outperform global averages. As for which industries display the best security culture within Europe, it is certainly gaining traction among security experts within sectors like finance, banking and IT, which are all heavily digitized. Indeed, security awareness is no longer understood as a checkbox exercise for satisfying compliance requirements. It is increasingly seen as a strategic initiative to foster a security mindset in the organization.
Impact of EU regulations
When you factor in that there are 44 sovereign countries with a total of 746 million people, that is a large number of potential victims hackers can target with social engineering. Because of this, everyone must be part of the defense, particularly as EU legislation and regulation place more demands on businesses.
Firstly, GDPR had a global influence in prioritising individual interests in data-handling. Now, sector-specific regulations, like the Network and Information Security directive (NIS2), enforce strict cybersecurity standards and hold boards accountable for organisational cybersecurity and supply chain security. Next, the Digital Operational Resilience Act (DORA), which will be effective from January 2025 and targets financial institutions, mandates rapid cyber attack recovery and employee training. Additionally, the EU AI Act, scheduled for enforcement in 2025, categorizes AI risk and imposes substantial fines for non-compliance.
Successful cybersecurity governance requires unified strategies, standardized processes, clear accountability, and adequate resources, ensuring compliance isn’t merely a formality but a robust security framework.
Getting security culture right
To get security culture right within your organization, focus on two or three high-risk behaviors for change. There are free security culture surveys to help gauge the current stance on this as a starting point. It’s crucial that organizational goals, strategies and objectives are aligned with this mission, so develop a plan to influence behaviors by utilizing both formal mechanisms and informal leadership modelling. Ensure clear communication tailored to diverse preferences and secure executive endorsement to solidify support. Execute the plan with defined goals and timelines, maintaining open communication channels. Evaluate progress through subsequent surveys and share findings with leadership. Solicit input from stakeholders to refine strategies continuously. Stay proactive against evolving cyber threats, remaining flexible enough to adjust to business objectives accordingly.
To conclude, start the journey to building a strong security culture with a positive mindset and confidence, because by taking these steps you will be paving the way for long-term change in your workforce’s security awareness and preparedness.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
Source link : https://www.techradar.com/pro/what-is-the-current-state-of-security-culture-in-europe
Publish date : 2024-06-19 07:00:00