
Building a strong and positive security culture is an effective mechanism to influence your users’ behavior and thereby reduce your organization’s risk. Organizations with better security culture are significantly less (up to 52X less) likely to get phished.
Built following a strict and rigorous scientific methodology, the Security Culture Survey is a standardized assessment to measure an organization’s security culture and identify areas for improvement.
Security culture can be defined as the ideas, customs and social behaviors that impact the security of your organization.
The Security Culture Survey can help you answer questions like:
- Does my organization care about security?
- Which areas of the business are least/most security-minded?
- Which employees are most risk-averse?
- How strong or weak is our security culture?
- In what part of our organization do we need to improve security culture?
- How effective is our security culture program?
In addition to answering operational questions like those above, the SCS provides you with a KPI for reporting your organization’s security posture to the board.
The Seven Dimensions of Security Culture
- ATTITUDES
The feelings and beliefs that employees have toward the security protocols and issues. - BEHAVIOUR
The actions and activities of employees that have direct or indirect impact on the security of the organization. - COGNITION
The employees’ understanding, knowledge and awareness of security issues and activities. - COMMUNICATION
The quality of communication channels to discuss security-related events, promote a sense of belonging, and provide support for security issues and incident reporting.
- COMPLIANCE
The knowledge of written security policies and the extent that employees follow them. - NORMS
Unwritten expectations regarding appropriate behaviors pertaining to usage of information technology in organizational context, perception of what practices are normal and unproblematic. - RESPONSIBILITY
The employees’ perceived role as a critical factor in sustaining or endangering the security of the organization. - To read our research paper about the 7 dimensions and tips to improve, click here.
The Security Culture Survey Explained
The Security Culture Survey enables organisations to:
- Measure the effectiveness of your programme
- Assess norms, attitudes, and social behaviours
- Identify potential insider threats
- Focus effort where it’s most needed
In addition, the data and insights provided are used by the board and executive management to:
- Identify and understand the human factors that influence risk,
- Justify/adjust budgets & expenditure,
- Influence/drive strategy, and
- Support decision making
Security Culture Benchmarking
The Security Culture Survey can also used by organizations to benchmark cybersecurity culture to compare its maturity across organizations and industries as well as internally across different teams and business units.
Seeing how different groups of employees compare means that our customers understand where in their organization their security culture is weakest, and where it is strongest. This information makes it possible to tune their investments towards security culture activities to improve security where it really matters.
Want to know more? The CLTRe Crew are here to help! For more information, follow the link to book a demo and a member of the CLTRe sales team will be in touch shortly to schedule a chat and discuss your needs.
Manage Your Security Culture
With the Security Culture Survey, you get the measure of your security culture at every level of your organization. Our security culture benchmarking tools provide a scientifically valid and reliable baseline that is replicable (can be repeated over time) and meaningful.
By measuring the culture (the ideas, customs and social behaviors) that your organization, and its subgroups, have towards information security, the SCS reports pinpoint the key areas of concern within your organization (potential insider threats) and identifies the strengths and weaknesses of the security culture.
Reach Every Corner of Your Organisation
Achieving a strong security culture that is consistent and sustainable throughout the organization becomes easier when you have real data showing what impact campaigns are having in each areas of the business.
From organizational level down to individual groups, get real insight into the security culture of your organization at every level. The Security Culture Survey helps you get a better understanding of the impact and effectiveness of your security awareness/culture programme. Our SaaS can help you understand how some employees think about and understand security or communicate security-related topics differently from others.
Baseline Testing
We provide baseline testing to assess the security awareness proficiency, Phish-prone percentage, and security culture score of your users.

Phish Your Users
Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.

Train Your Users
The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

See The Results
Enterprise-strength reporting, showing stats and graphs for both security awareness training and phishing, ready for management. Show the great ROI!

