Australian IT leaders struggle to build security culture
Only one in three Australian IT decision-makers think their organisation has a good security culture, according to new research published by KnowBe4.
A survey commissioned by the company found that 27% of Australian respondents hadn’t even heard the term security culture before, and only two in three of the remainder know what the term means.
The survey found that among IT decision-makers who have heard the term, the most common understanding is a recognition that security is a shared responsibility across the organisation (67%) as well as having an awareness and understanding of security issues (64%).
Meanwhile 59% believe the term means compliance with security policies, and 44% believe it also means that security is embedded into the organisation’s culture.
One in 10 (11%) of IT decision-maker respondents indicated that they know what security culture is but do not believe their organisation needs one, with a further 9% saying they recognise the need to adopt a security culture but are unsure of how to achieve this.
KnowBe4 Security Awareness Advocate for APAC Jacqueline Jayne said the findings do at least indicate that the term security culture is starting to find its way into the lexicon of IT leaders.
“But there is a problem — IT decision-makers have vastly different definitions of security culture, which makes it almost impossible to measure and work toward,” she said.
“At KnowBe4, we define security culture as the ideas, customs and social behaviours that influence an organisation’s security. A common definition makes it possible to discuss the same thing, in the same way.”
Employees are even more in the dark, with only 57% of office workers having heard the term. In addition, 25% of office workers say their employer hasn’t communicated with them about security culture at all.
Among office workers who have an IT team to ask, 34% indicated that they are reluctant to ask their IT team security-related questions, with 18% saying doing so is a hassle, 13% fear the consequences of doing so and 13% feel embarrassed to do so.
CrowdStrike to buy Adaptive Shield
CrowdStrike is augmenting its SaaS security capabilities through the acquisition of Israeli-based...
LockBit named nastiest malware of 2024
LockBit, a ransomware malware known to have been used to attack Australian targets, has been...
Extreme Networks launches ZTNA solution
Extreme Networks' new ExtremeCloud Universal ZTNA solution combines cloud network access...