How to Fix a Dysfunctional Security Culture

By Stu Sjouwerman, CEO KnowBe4

Culture underpins everything an organization does—and how it gets things done. While culture is a term often referred to the organization as a whole, there are also cultures (or subcultures) within organizations related to business practices—like security. At my company, we define a security culture as the ideas, customs, and social behaviors of a group that influence its security.

The Hallmarks of a Security Culture

Culture shifts over time. A positive security culture will grow from basic compliance to a sustainable and well-integrated one that drives secure behaviors and prevents breaches.

But cultures can also become toxic or dysfunctional, working at cross purposes with the desired values and goals of the organization.

[....]