Gathering support across the company
CISOs should not approach security culture in a vacuum. “Use human resources, employee engagement, and build a cross-functional team,” advises Goerlich. This approach works best when it is internalized and aligned with the wider organizational culture. In healthcare, for example, combining cybersecurity with health and patient safety, or in manufacturing, combining cybersecurity with the existing safety culture, can lead to both strong security and secondary benefits.
Every C-level executive has a role to play in supporting a strong cybersecurity culture. When they make cybersecurity a priority by talking about it, go out of their way to reward team members who do the right thing, and take a personal interest in learning more about what team members can do, they send a message that emphasizes the importance of a healthy cybersecurity culture, Pearlson explained.
Senior leadership across the business must actively participate in promoting a strong cybersecurity culture. “Collaborative messaging from the CISO and other senior leaders can turn a message from being neglected into something important for the organization that demands everyone’s attention,” Glass said. “Additionally, using all available internal communication channels can effectively spread the cybersecurity message to other platforms that can have higher levels of engagement, and reach key decision makers in the organization.”