Australian IT leaders struggle to build security culture


By Dylan Bushell-Embling
Wednesday, 22 March, 2023

Australian IT leaders struggle to build security culture

Only one in three Australian IT decision-makers think their organisation has a good security culture, according to new research published by KnowBe4.

A survey commissioned by the company found that 27% of Australian respondents hadn’t even heard the term security culture before, and only two in three of the remainder know what the term means.

The survey found that among IT decision-makers who have heard the term, the most common understanding is a recognition that security is a shared responsibility across the organisation (67%) as well as having an awareness and understanding of security issues (64%).

Meanwhile 59% believe the term means compliance with security policies, and 44% believe it also means that security is embedded into the organisation’s culture.

One in 10 (11%) of IT decision-maker respondents indicated that they know what security culture is but do not believe their organisation needs one, with a further 9% saying they recognise the need to adopt a security culture but are unsure of how to achieve this.

KnowBe4 Security Awareness Advocate for APAC Jacqueline Jayne said the findings do at least indicate that the term security culture is starting to find its way into the lexicon of IT leaders.

“But there is a problem — IT decision-makers have vastly different definitions of security culture, which makes it almost impossible to measure and work toward,” she said.

“At KnowBe4, we define security culture as the ideas, customs and social behaviours that influence an organisation’s security. A common definition makes it possible to discuss the same thing, in the same way.”

Employees are even more in the dark, with only 57% of office workers having heard the term. In addition, 25% of office workers say their employer hasn’t communicated with them about security culture at all.

Among office workers who have an IT team to ask, 34% indicated that they are reluctant to ask their IT team security-related questions, with 18% saying doing so is a hassle, 13% fear the consequences of doing so and 13% feel embarrassed to do so.

Image credit: iStock.com/greenbutterfly

Related News

Lack of leadership buy-in biggest obstacle to digital trust: report

A new report from ISACA says that many organisations say that in five years digital trust will be...

Lack of customer confidence affecting security strategies: report

A survey from LogRhythm finds three-quarters of ANZ companies changed their security strategy...

IMT sector was Australia's most targeted in 2023: report

The information, media and technology sector has been the Australian industry most targeted...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd