About the session
With cyber threats rapidly evolving, business leaders are constantly looking to improve the technology and processes within their businesses. To tackle the ever-threatening cyber landscape, security leaders need to stay ahead of emerging threats, and while the right technology is a must-have, organisational culture plays an effective role in safeguarding the business.
This year’s report paints a positive picture, with cyber security culture improving. However, CISOs have reported facing many other competing priorities. So, how can they measure the security culture’s success and accelerate its progression?
Join the next Hot topic session to find out how and why metrics and reporting have the potential to close the communication gap between CISOs and non-technical audiences or the board.
What gets measured, gets managed!
This year’s report highlights how behavior and culture have been elevated from a tactical to a more strategic level. Many more senior stakeholders understand the importance of security as a whole, as well as security culture in particular. Alongside this, mechanisms for raising awareness and influencing cultures, such as simulated phishing and tailored training, scored lower in terms of their effectiveness in influencing culture this year compared to 2022.
62% of CISOs consider cyber security culture to be making ongoing progress, which highlights its effectiveness. But reporting and providing context on cyber security metrics can tell the story of success or failure and help CISOs better convey their challenges to the board and to non-technical audiences.
Security is seen as an innovation enabler now more than it has been in the past, but still, 40% of CISOs reported that the business is not measuring or reporting on the value security adds to the business.
With budgets remaining flat across many businesses this year, is this the start of a more mature approach to security culture, with intelligent metrics demonstrating the return on investment?