Gathering support across the enterprise
CISOs shouldn’t tackle security culture in a vacuum. “Collaborate with human resources, employee engagement, and create a cross-functional team,” Goerlich advises. This approach works best when it’s positioned within, and aligned with, the broader organizational culture. In healthcare, for example, tying cybersecurity to patient health and safety, or combining cybersecurity with manufacturing’s safety culture, can lead to both stronger security as well as secondary benefits.
Every C-level executive has a role to play in supporting a strong cybersecurity culture. When they make cybersecurity their personal priority by talking about it, doing what they can to reward team members who do the right things, and taking a personal interest in learning more about what team members can do, they send a message that reinforces the importance of a healthy cybersecurity culture, Pearlson explains.
The entire enterprise’s senior leadership should actively participate in promoting a robust cybersecurity culture. “Collaborative messages from the CISO and other senior leaders can transform an otherwise disregarded message into an organizational priority that demands attention from everyone,” Glass says. “Additionally, utilizing all available internal communication channels can effectively spread the cybersecurity message to other platforms that may have higher engagement rates, as well as reach key decision-makers within the organization.”
