Cyber security is a mindset and a technology challenge. Businesses in every industry depend as much on informed workers as they do on strong protocols and effective cyber security tools. The way a company thinks about itself, in terms of protecting its most essential assets (e.g., confidential data, operating systems or internal networks), is a function of what is commonly called a “security culture.” But what exactly defines that culture?
This is not a new or rhetorical question. A 2020 study found that while 94% of organizations surveyed believed that establishing a security culture was an important business goal, there was little agreement on which metrics could measure that culture’s effectiveness.1
Given the rapid pace of change in the security field and business operations, defining a security culture is now even more difficult. As workflows, technology tools and threat landscapes shift, companies may struggle to maintain a cohesive approach that applies to every employee, regardless of their role, seniority or level of responsibility.
Adaptability is one fundamental principle that can help any business build a culture that is attuned to challenges and capable of harnessing new methods and tools efficiently.
While any company will need to respond to new trends and opportunities, changes in recent years have been so significant — including the shift to hybrid or remote work policies, the proliferation of data and the evolution of security tools — that they may require a rethinking of what it means to be secure in mindset and practice. Companies should look at security as an ever-evolving challenge and business requirement. As security experts build new tools and methods for detecting and responding to threats, business goals and culture must keep up.
This always-on, dynamic approach could be described as an adaptive security culture. This culture should take shape in a company-wide mindset that augments technical tools and employee readiness to create a layered defense. Furthermore, the massive changes to the workplace present a unique opportunity for businesses to build a strong culture — or make it even more resilient and defined than it was before the impact of the COVID-19 pandemic.