For What Technology Can’t Fix: Building a Model of Organizational Cybersecurity Culture

AbstractOrganizational cybersecurity requires more than just the latest technology. To secure an organization, all members of the organization must act to reduce risk. Leaders have a special responsibility to understand, shape and align the beliefs, values, and attitudes of the entire organization with overall security goals. Managers need practical solutions for dealing with the human side of cybersecurity. The model presented in this paper describes organizational cybersecurity culture, the factors that contribute to its creation, and how it can be measured. A case study of a “culture of data protection” created by leaders at financial services firm Liberty Mutual illustrates these factors to help managers understand and apply recommendations to create a more mature cyber security culture in their organization.

Return to previous page