Avoid the Blame Game: Developing a Cyber Security Culture

By Janet Eckman, Xigent Chief Financial Officer

cyber security culture

A recent national study found that more than 27% of employees said they were afraid to tell IT when they made a security mistake. Only half of employees said they always report when they receive or click on a phishing email. The reason: they don’t want to be punished or required to undergo extra security training.1

Employees know that they have good reason to be fearful. 4 in 10 organizations take disciplinary action against staff who make cyber security errors. 2 Unfortunately, that punitive approach often has the opposite of its desired effect, creating a culture where employees hide their mistakes.

A culture of fear is the last thing you want when it comes to cyber security, as your employees are already your weakest security link. According to another 2021 study, human error was the major contributing cause of 95% of cyber security breaches.

5 Steps to a Stronger Cyber Security Culture

So, how do you build the kind of company cyber security culture where your employees are part of the solution?

  • Outline your goals. Determine what you are trying to protect with your cyber security initiatives and how employees fit into those efforts.
  • Be transparent. Be upfront with employees so they understand the purpose of security and are proud of their role as human “firewalls.”
  • Train effectively. Use real-life examples in regular training programs. Make your sessions short, compelling, and specific to their role and your industry.
  • Empower employees. Give your employees a safe way to report mistakes without blame. Make it easy to ask questions and encourage discussion.
  • Reduce opportunities. Protect your team from hacks or mistakes with a zero-trust model that requires every employee (from the CEO to the intern) to be verified. Give employees access to only the resources they need.

Xigent cyber security experts can help you develop a security program and promote a company culture that protects your business. Get an assessment today to ensure your organization’s data is protected with a multi-leveled cyber security plan that meets your unique needs and budget.

1 Tessian Security Behaviors Report, 2021
2 CybSafe Research, 2020 
3  IBM Cyber Security Intelligence Index Report, 2021 

Get a Security Assessment