A workforce that is aware and engaged on the importance of cyber security is a critical enabler of success for any cyber security program.
Creating a culture of security within an organisation goes beyond educating staff about specific risk-mitigating behaviours. Culture is a product of the shared values and beliefs of an organisation, as expressed through the collective behaviours and practices of staff.
Maturing the “security culture” of an organisation thus requires a strategic approach that engages senior leadership, instils values and standards across the organisation, and empowers and rewards staff to take positive actions.
Our client for this engagement is a market-leading brand which prides itself on being at the forefront of digital innovation.
We developed and executed a strategic plan to embed and uplift the culture of security within this organisation, complementing and supporting a cyber security transformation program that was concurrently underway.
This involved developing a set of security values that emerged from and amplified the organisation’s own business strategy and values, activating senior leaders to promote these values, and driving desired behaviours through an awareness and learning program.
elevenM developed a program which:
- Conceived a set of organisational security values based on business strategy and other key drivers
- Gained senior executive sponsorship and participation in promoting security culture
- Organised events, multimedia and communications artefacts in support of security culture
- Delivered a long-term awareness and education program for staff