Using benchmarking to improve security culture

Improving security culture can be a challenging task, especially when lacking deep insights into the areas that need improvements. Benchmarking across the seven dimensions of security culture provides our customers with deep insights into the human factors, and enables them to focus their efforts to maximise the returns. This blog post examines the Benchmarking report in the CLTRe Insights, a part of the CLTRe Toolkit.

Why benchmark security culture?

Benchmarking security culture enables our customers to understand where in their organization their security culture is weak, and where it is stronger. This information makes it possible to tune the investments into security culture activities to improve security where it really matters.

For example, comparing all the units in the organization across the seven dimensions of security culture, provides a list of the scores of each unit, from best to worst.

The list is color-coded, using the levels specified in our research, which makes it very convenient to review how each unit is doing compared to both each others, and the standard security culture maturity model. This visualization makes it easy to see that one unit is really standing out: the Remote unit with it’s score of 48 is in the red zone, which means it should receive some special attention starting with further investigation.

How can you use the data to improve security culture?

By looking at each of the seven dimensions, it becomes clear that it is not all bad for the Remote Unit.

They are being quite responsible – that means that on the dimension Responsibilities, the Remote unit is scoring 63, which lands them on a 9th place in the Responsibilities benchmark.

By comparison, if we look at the Compliance dimension, their score is only 31!

Not only can we identify the Remote unit as a potential security risk, we can even identify the particular security culture dimensions that matters. This deep insights into the human factors enables our customers to dramatically improve security culture, and thereby reduce risk.

In this particular example, the Remote unit could be treated with a tailored programme that emphasises the importance of compliance (as well as Cognition, Communication, and Norms – the other dimensions this unit scores poorly on).

As is evident from the Cognition benchmark, there are a number of other units that would require care too. Perhaps another approach for this customer would be to focus on improving how the awareness training programmes are designed and applied? After all, it is not only about what you know, as much is how you apply that knowledge.

With the CLTRe Insights Benchmark report, you can quickly identify units that needs attention, and improve the security culture in your organization, where it matters.

What now?

Reach out to our team to book a demo of the CLTRe Insights for yourself.