Skip to main content

Security leaders want strong security culture but struggle to implement it

(Image credit: Image Credit: Methodshop / Pixabay)

Business leaders understand the value of a strong security culture, but they have trouble properly defining and implementing one, according to a new report from cybersecurity awareness training firm KnowBe4.

Based on a poll of 1,161 managers in security or risk management, the study found that 94 percent consider security culture important for business success. However, most struggle to place a finger on quite what this entails.

The respondents also expressed the belief that strong security culture increases customer satisfaction. Almost two thirds (63 percent) expect an increase in customer trust, while more than half believe strong security correlates with growth in brand value.

The report claims most are “overconfident” in their current security culture,  with 92 percent of respondents believing security is “embedded in their organisations”. Meanwhile, the majority of security leaders have not yet merged their security strategies with their overall business strategies.

“This study has shown us that a strong security culture is a business priority that leaders are still working to accurately define,” said Kai Roer, Security Culture Advocate at KnowBe4 and Managing Director at CLTRe.

“Perhaps the most surprising finding from the study was that business principles, not risk mitigation, are the main motivation for building a strong security culture.”