The retail and wholesale trade sector accounts for significant portions of economic output and global employment. Its services are crucial to the efficient and effective flow of goods from producer to consumer. As digitalization in the sector continues, exposure to cybersecurity threats is increasing.
This exposure requires new strategies to manage the security culture across the sector. Good security culture is increasingly mission critical. The Security Culture Report 2018 from CLTRe shares the first global security culture benchmark for the retail and wholesale trade sector (below).
How does it work?
The 2018 industry benchmark score for the retail and wholesale trade sector globally is 64, represented by the horizontal, jagged, green line in the chart above. This score is made up of seven dimensions, shown as columns, and represents the average score of all seven dimensions of security culture across the entire sector data sample.
The short horizontal orange lines in the chart represent the global benchmark for security culture per dimension, allowing us to compare how security culture in the retail and wholesale trade sector is doing relative to the entire data sample. The entire 2018 data sample is from 21,788 employees in 4 major industry sectors across Europe and the USA.
What does it tell us?
The trade sector requires dramatic changes to how it assesses, monitors, educates and changes its employees’ behavior. With a score 14 points below the global standard (60), this sector scores worse on the Behaviors dimension than all the other sectors included in the study. The trade sector also scores below average on security communication and adherence to security norms. It’s not all doom and gloom for this sector though.
Interestingly, employees’ attitudes towards security controls are very positive. The trade sector scores 72 on the Attitudes dimension, 7 points above the global standard. This may be good news for the sector and enable faster change than in other sectors.
Why is it important?
High employee turnover in the sector is a challenge when adequately educating the workforce on cybersecurity. To improve the transformation whilst minimizing cost, a clear security culture strategy with a strong focus on segmenting the workforce based on roles and positions and their exposure to cybersecurity risks is needed.
Using a standard of measurement over time provides a way to identify the needs of the different workforce segments and measure how the security culture of these segments changes. This way organizations learn whether their security culture strategy is effective and can compare their results against their industry benchmark as a measure of their success.
Recommendations for the sector
- Create a 5-year security culture plan to work alongside the digitalization projects
- Identify risk groups based on their access to critical data, data systems, business processes and management
- Design education programs that target different risk groups
- Create baseline metrics for critical user groups, including the employees exposed to digitalization projects
To download and read the full 2018 Security Culture Report go to: https://get.clt.re/security-culture-report-2018
If you’d like to discuss and explore opportunities to measure security culture at your organization, please get in touch with your questions or book a demo: https://get.clt.re/demo