Cybersecurity culture improves despite the dark clouds of the past year
Despite a hardening economic climate, heightened global tensions and the onset of new technology making cybercrime easier, 76% of the CISOs suggested that no material breaches had occurred and 60% said that no material cybersecurity incident had occurred in the past 12 months, according to ClubCISO and Telstra Purple.
This apparent success of security teams is particularly interesting given that CISOs on average rated their organization’s overall security posture lower than they did over the previous year.
Organization’s security culture has improved
Last year, 46% rated themselves as above average (at least 4/5 stars) while this year, only 38% rated themselves the same. Additionally, more than 13% of respondents don’t feel confident that their organization will be able to meet key security objectives – an exact repeat of last year’s result.
While not directly linked, the disparity between falling material breaches and incidents and overall security postures might partly be explained by the positive cultural gains that CISOs have observed.
80% of respondents said they believed that their organization’s security culture has improved to some degree in the last year. And when asked about the most important factors affecting these cultural improvements, 60% stated that leadership endorsement was a major influence.
Digging into the cultural improvements in more detail, proactive ‘report it’ no-blame policies (41%), simulated phishing (38%) and tailored training (37%) remain as the other key drivers of security culture. However, they did score lower than the previous year, perhaps showing reduced impact due to them becoming more of a well-established part of security culture.
Decline in material cyber breaches
Advisory Board Member, Jessica Barker, commented, “Our findings this year acknowledge the crucial role that leadership endorsement plays in security culture. Cybersecurity has been rising up on the corporate agenda for a few years now, but this stronger alignment between security teams and senior leadership is very encouraging progress. Without tone (and resource) from the top, building a healthy security culture will always be more challenging.”
Compared to the year before, 67% of CISOs cited stronger alignment with the executive team (59% in 2022) and 54% with the board (49% in 2022).
In response to a severe threat landscape, most members (72%) responding to the survey now have cybersecurity insurance. However, the issue remains a divisive one, with some 15% not wanting insurance and not believing in the benefits.
“The results from the members survey reinforce what we’ve been seeing in the market for some time now – security strategies need to be built around people to be truly effective. It seems that the decline in material cyber breaches is linked to the people and cultural improvements – a huge 80% of CISOs suggested that their organization’s security culture had developed positively over the last year,” said Rob Robinson, Head of Telstra Purple EMEA.
“The fact that leadership endorsement is also being highlighted as a critical factor for establishing an effective security posture also recognises the progress CISOs have made at the very highest levels of business. Strong security is now clearly seen as a key corporate capability and that is in large part due to the voice CISOs have developed at the C-level,” added Robinson.