THE SECURITY CULTURE SURVEY

Measure security culture within your organisation

banner with image of coworkers working together in an office

Building a strong and positive security culture is an effective mechanism to influence your users’ behavior and thereby reduce your organization’s risk. Organizations with better security culture are significantly less (up to 52X less) likely to get phished.

Built following a strict and rigorous scientific methodology, the Security Culture Survey is a standardized assessment to measure an organization’s security culture and identify areas for improvement.

Security culture can be defined as the ideas, customs and social behaviors that impact the security of your organization.

The Security Culture Survey can help you answer questions like:

  • Does my organization care about security?
  • Which areas of the business are least/most security-minded?
  • Which employees are most risk-averse?
  • How strong or weak is our security culture?
  • In what part of our organization do we need to improve security culture?
  • How effective is our security culture program?

In addition to answering operational questions like those above, the SCS provides you with a KPI for reporting your organization’s security posture to the board.

SCIENTIFIC APPROACH
The Security Culture Survey was created with social scientific methods and principles.
PRECISE
With our reporting tools you gain precise insights to your security culture throughout your organization
Flexible
Full flexibility means you control how and when your employees are assessed
Easy-to-use
Usability is crucial to help the employees actually complete the assessments

The Seven Dimensions of Security Culture

The Security Culture Survey measures the sentiments of your users towards security in your organization – the psychological and social aspects that drive social behavior. Specifically, the SCS measures seven dimensions of security culture which include:

  • ATTITUDES
    The feelings and beliefs that employees have toward the security protocols and issues.
  • BEHAVIOUR
    The actions and activities of employees that have direct or indirect impact on the security of the organization.
  • COGNITION
    The employees’ understanding, knowledge and awareness of security issues and activities.
  • COMMUNICATION
    The quality of communication channels to discuss security-related events, promote a sense of belonging, and provide support for security issues and incident reporting.
  • COMPLIANCE
    The knowledge of written security policies and the extent that employees follow them.
  • NORMS
    Unwritten expectations regarding appropriate behaviors pertaining to usage of information technology in organizational context, perception of what practices are normal and unproblematic.
  • RESPONSIBILITY
    The employees’ perceived role as a critical factor in sustaining or endangering the security of the organization.
  • To read our research paper about the 7 dimensions and tips to improve, click here.
Take the guess-work out of your security awareness programme and discover the true culture of your organisation!

The Security Culture Survey Explained

The Security Culture Survey enables organisations to:

  • Measure the effectiveness of your programme
  • Assess norms, attitudes, and social behaviours
  • Identify potential insider threats
  • Focus effort where it’s most needed

In addition, the data and insights provided are used by the board and executive management to:

  • Identify and understand the human factors that influence risk,
  • Justify/adjust budgets & expenditure,
  • Influence/drive strategy, and
  • Support decision making

Security Culture Benchmarking

The Security Culture Survey  can also used by organizations to benchmark cybersecurity culture to compare its maturity across organizations and industries as well as internally across different teams and business units.

Seeing how different groups of employees compare means that our customers understand where in their organization their security culture is weakest, and where it is strongest. This information makes it possible to tune their investments towards security culture activities to improve security where it really matters.

Want to know more? The CLTRe Crew are here to help! For more information, follow the link to book a demo and a member of the CLTRe sales team will be in touch shortly to schedule a chat and discuss your needs.

Manage Your Security Culture

With the Security Culture Survey, you get the measure of your security culture at every level of your organization. Our security culture benchmarking tools provide a scientifically valid and reliable baseline that is replicable (can be repeated over time) and meaningful.

By measuring the culture (the ideas, customs and social behaviors) that your organization, and its subgroups, have towards information security, the SCS reports pinpoint the key areas of concern within your organization (potential insider threats) and identifies the strengths and weaknesses of the security culture.

Reach Every Corner of Your Organisation

Achieving a strong security culture that is consistent and sustainable throughout the organization becomes easier when you have real data showing what impact campaigns are having in each areas of the business.

From organizational level down to individual groups, get real insight into the security culture of your organization at every level. The Security Culture Survey helps you get a better understanding of the impact and effectiveness of your security awareness/culture programme. Our SaaS can help you understand how some employees think about and understand security or communicate security-related topics differently from others.

Baseline Testing

We provide baseline testing to assess the security awareness proficiency, Phish-prone percentage, and security culture score of your users.

Phish Your Users

Best-in-class, fully automated simulated phishing attacks, thousands of templates with unlimited usage, and community phishing templates.

Train Your Users

The world’s largest library of security awareness training content; including interactive modules, videos, games, posters and newsletters. Automated training campaigns with scheduled reminder emails.

See The Results

Enterprise-strength reporting, showing stats and graphs for both security awareness training and phishing, ready for management. Show the great ROI!