The Security Culture Report 2022 - In Short
@knowBe4


Recently I got my hands on the Security Culture Report 2022, which I didn't know existed until recently.

It's a comprehensive and scientific report with a nicely artful way of presenting security culture, something we all feel, see & hear in our day-to-day life. So I took this opportunity to give a short summary of this report.

The definition of security culture differs from person to person, with no right or wrong to it. Hence, before you read through this report, I would suggest that you browse through what those various thoughts are. And in case you are short of time, here is what the authors mean by the definition:

Security culture: The ideas, customs and social behaviors of an organization that influence their security.

Summary of the Report

  • The human element is the most important component of the security system.
  • The global pandemic's effects revealed that although certain industry sectors dramatically lowered their security culture, others significantly improved.
  • This year, no industry sector has shown an Excellent or Good security culture.
  • Larger organizations exhibit more positive attitudes and behaviors than smaller ones worldwide.
  • Security culture appears to have stagnated over the past three years, scoring an average of 73 globally (2019-21).
  • Advances in the areas that examine what employees are learning (Cognition), what they are observing others do (Behaviors), and their perception of the unspoken security standards (Norms).
  • Responsibilities and attitudes sharply declined between 2019 and 2021.
  • No industry sector has a poor or mediocre security culture.

This research was carried out across 18 industries. I have summarized only Banking & Financial, considering my expertise in transformation has primarily been in these sectors for close to a decade. In a lighter vein, BFs (Banking & Finance) can call themselves a technology company with a BFs license :)

Banking & Financial Industry Insights

  • Maintains a mid-Moderate grade and a Security Culture Industry (SCI) score that ranges from 75 to 76.
  • Has seen a rise in cyberattacks, which increases operational risk.
  • They are a high-value target since they manage substantial amounts of wealth, oversee trades, and store highly private financial and personal customer information.
  • The norms, behavior, and communication dimension in banking slightly improved. The Attitudes dimension is the sole area that needs work.
  • The financial factors with the highest scores were communication, attitude, behavior, and compliance, demonstrating that motivated employees believe in, act in accordance with, and adhere to security regulations.

Suggestion - Banking & Financial Industry

  • Targeted security awareness initiatives are driven by senior leadership with an emphasis on the critical role everyone plays in preserving a strong security culture and protecting high-value financial data.
  • Employees must get ongoing simulated phishing tests and security awareness training in order to develop the muscle memory and instincts necessary to distinguish between legitimate and fraudulent emails.
  • To strengthen employee resistance to social engineering attacks, employers must establish strong, multi-layered defense methods and immerse their staff in thorough security awareness training.

The report suggests that:

  • The more regularly businesses train their staff, the higher the level of security they will achieve.
  • Employers emphasize empowering workers to see themselves as a powerful, constructive force that can protect their workplace from dangers and cyberattacks.
  • The score for the industry is 76. This represents the industry's grade. Use this to assess how you stack up against your peers' performance.

The important message is that organizations must step up their game and invest in security awareness, behavior and culture in the years to come.

A suggested read on the 7 dimensions of security culture would help in better understanding the report.

Kudos to the team of Kai Roer, Perry Carpenter, Anita-Catrin Eriksen, Jacopo Paglia, Joanna G. Huisman, Rosa L. S. & KnowBe4 for all the research and publication.

In my next newsletter, I will be writing my short on another report. So watch this space.

#banking #financial #bankingandfinance #security #culture #technology #human #people #empowerment #vulnerability

More articles by Siddharth Pareek