Culture - the flaws in human nature - eats security budgets for breakfast
Add BT as a preferred sourceDeeperDive is a beta AI feature. Refer to full articles for the facts.
YOU CAN spend any amount of money on cybersecurity, but if the organisation lacks a strong security culture, your investments will never outpace the risks. Today, the biggest cyber risk influencer is still human conduct. Ignorance, arrogance, wishful thinking, sloppiness or lack of responsibility-taking or communication are to blame for most security breaches. Culture eats security budgets for breakfast.What are the indicators of a strong security culture and how do I know if I've got one? You cannot just ask "Is our security culture solid?" because the answer to that question, irrespective of the actual situation, will always be "Yes".
You also will learn little from the size of the security budget or the headcount of the security team. A list of security products deployed is just a list. Absence of incidents tells you little, as may the presence of a few incidents. Compliance to standards does not equate to security. And cyber insurance is just an insurance.
Whatever hard metric you find, it is likely not conclusive evidence of a good security culture. On the contrary, given the complexity of cybersecurity, any list of hard metrics is bound to be too long to be practically instructive to a board member. You must look for other signals.
Copyright SPH Media. All rights reserved.
TRENDING NOW
Air India asks Tata, Singapore Airlines for funds after US$2.4 billion loss
Beijing’s calculated silence on the Iran war
China pips the US if Asean is forced to choose, but analysts warn against reading it like a sports result
Richard Eu on how core values, customers keep Singapore’s TCM chain Eu Yan Sang relevant
