Security culture benchmarking provides insight into how culture maturity compares: for example, companies can compare their overall score by industry, geography and size of business. Having a map of the security culture in their own organization also allows for comparison between different departments and teams, so they can see what is going on internally and get detailed, actionable information from within their organization.
Security culture is measured across seven dimensions – attitudes, behaviors, cognition, communication, compliance, norms and responsibilities. Each dimension has its own distinctive qualities that can be quantified and used to map out the security culture across the organization. The 2018 Security Culture Report introduces two new industry sectors, Retail and Wholesale Trade, and Information and Communication, in addition to Finance and Real Estate, which were covered in last year’s report. Large differences are evident when comparing the security cultures of these four sectors.
Among the major findings of this report are the large differences in average scores between sectors:
- As one of the first sectors to digitalize its operations, and one held to strong regulatory demands by industry and government standards, it may not be a huge surprise that security culture in the Finance sector is generally better than in other sectors. This sector stands out in particular for having the highest score on the Behavior dimension.
- However, a major revelation is the above-average scores in the Retail and Wholesale Trade sector for Attitudes, Cognition and Compliance. These indicate that employees within the Trade sector have a higher-than-average understanding of security and how it relates to their own role in their organization, and that they are more positive toward, and more adherent to, the organizational measures put in place to protect them and the security of information.
- Within the ICT sector we see dimensional scores ranging from High Risk (48) to Insecure (71). This sector consists primarily of knowledge workers (with a good command of ICT), so it is perhaps unsurprising that, of the sectors included in this study, it has one of the highest adherences to norms and scores well on the Communication dimension. Nonetheless, this sector scores poorly when it comes to its employees’ attitudes towards security controls and compliance with security policy and regulation.
- Another significant finding is that the Real Estate sector continues to demonstrate poor scores across all dimensions, giving it the worst security culture of all sectors covered by the 2018 report. Year-on-year analysis (p. 11 of report) also finds that security culture in this sector is worsening.
You may be interested in reading our upcoming blog posts on the 2018 Security Culture Benchmark for each sector. [Links to follow.]
Download the Security Culture Report 2018
To get the FULL 2018 report, register here: https://get.clt.re/security-culture-report-2018/