Australian IT leaders struggle to build security culture


By Dylan Bushell-Embling
Wednesday, 22 March, 2023

Only one in three Australian IT decision-makers think their organisation has a good security culture, according to new research published by KnowBe4.

A survey commissioned by the company found that 27% of Australian respondents hadn’t even heard the term security culture before, and only two in three of the remainder know what the term means.

The survey found that among IT decision-makers who have heard the term, the most common understandings are that security is a shared responsibility across the organisation (67%) and that it means having an awareness and understanding of security issues (64%).

Meanwhile, 59% believe the term means compliance with security policies, and 44% believe it also means that security is embedded into the organisation’s culture.

One in 10 (11%) of IT decision-maker respondents indicated that they know what security culture is but do not believe their organisation needs one, with a further 9% saying they recognise the need to adopt a security culture but are unsure of how to achieve this.

KnowBe4 Security Awareness Advocate for APAC Jacqueline Jayne said the findings do at least indicate that the term security culture is starting to find its way into the lexicon of IT leaders.

“But there is a problem — IT decision-makers have vastly different definitions of security culture, which makes it almost impossible to measure and work toward,” she said.

“At KnowBe4, we define security culture as the ideas, customs and social behaviours that influence an organisation’s security. A common definition makes it possible to discuss the same thing, in the same way.”

Employees are even more in the dark, with only 57% of office workers having heard the term. In addition, 25% of office workers say their employer hasn’t communicated with them about security culture at all.

Among office workers who have an IT team to ask, 34% indicated that they are reluctant to ask their IT team security-related questions, with 18% saying doing so is a hassle, 13% fearing the consequences of doing so and 13% feeling embarrassed to do so.


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd