Oslo, May 2017: The Security Culture Report 2017 reveals that gender balance is crucial for maintaining good security and reducing risk. A study of over 10 000 employees in the bank and finance sector within the Nordics demonstrates large gender differences in how risk and security are understood and acted upon. “Balance is key for organizations looking to reduce risk”, says Kai Roer, CEO of CLTRe and one of the authors of the report.
The “Security Culture Report 2017 – Insights into the human factor” was published by security culture research company CLTRe today. The study was conducted on more than 10 000 employees in the bank and finance sector in the Nordic countries in fall 2016, making this the largest public industry research into security culture worldwide. One of the main findings of the study is the difference in how the genders perceive and handle risk, leading the authors to believe that gender balance is not only a political issue, but also a security one.
Kai Roer, CEO of CLTRe, explains: “Our findings are very clear: females report better compliance with rules and less risky security behavior than their male counterparts. Men, on the other hand, report better knowledge of the rules as well as a better understanding of risk and technology, while not following those rules as closely as their female colleagues. This finding may explain why companies like Uber, and other male-dominated startups, may exercise riskier behavior both in business and security than companies with good gender balance”.
The report shows that females are more positive towards security controls interfering with their work, and they are more likely to avoid risky use of the Internet. They also express a higher tendency to notice and intervene when co-workers engage in risky behaviours, making them potential guardians of security culture. Interestingly, males report a higher accountability for their own actions. “Putting these factors together, we believe that a security culture program that aims to improve security culture should aim for gender balance,” says Roer. “We also see a strong correlation between adherence to norms and secure behaviour. No such correlation is found between awareness and behavior, leading us to conclude that security awareness training programs are all in desperate need of modernisation. Move away from boring trainings, apply peer pressure and group dynamics instead”.
The research was conducted on more than 10 000 employees across 5 industry sectors in 2 countries by security culture research company CLTRe AS and the University of Ljubljana. Authors: Kai Roer (CLTRe) and Dr. Gregor Petric (University of Ljubljana). The report comprises 200+ pages with detailed findings, and can be downloaded for free for a limited time at https://get.clt.re/report/
CLTRe is a Norwegian security culture research company which provides customers with deep insights into security cultures using our automated tools and algorithms. Our customers use the insights gained to improve their security culture, reduce risk and document the effectiveness of their organizational security controls. CLTRe was founded by industry veteran and security culture specialist Kai Roer in 2015 as a response to demand. CLTRe operates worldwide.
Kai Roer is an information security industry veteran with over 20 years of broad, international experience in security, communications and leadership. He is the author of several books, including Build a Security Culture (IT-Governance, 2013), and the creator of the Security Culture Framework, the free and open framework for building and improving security culture. In 2015, Roer founded CLTRe, a research-driven software-as-a-service company serving the global market, to provide a solution for organizations needing to accurately measure the impact and effectiveness of their security culture investments. Roer has lectured, trained, and delivered keynote speeches in more than 40 countries. In 2015, he received the Ron Knode Service Award for outstanding service to the community from the Cloud Security Alliance.
Gregor Petric, Ph.D., is an Associate Professor of Social Informatics and Chair of the Center for Methodology and Informatics at the Faculty of Social Sciences, University of Ljubljana (Slovenia). He is an internationally reputable psychometric expert and internet researcher, regularly publishing in prominent scientific journals, including The Information Society, Computers and Human Behavior, Cyberpsychology, Online Information Review, and many more. His research work currently has more than 250 citations on Google Scholar. His most recent work focuses on explaining and measuring security culture based on his previous experience with metrics of psychosocial phenomena in online organizations. He regularly lectures at international methodology summer schools and has received many awards for his scientific work, including a recent award for scientific excellence from the Faculty of Social Sciences, University of Ljubljana.