Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Career Intelligence
    • Cyber Tactics
    • Cybersecurity Education & Training
    • Leadership & Management
    • Security Talk
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Interactive Spotlight
    • Photo Galleries
    • Podcasts
    • Polls
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
ManagementPhysicalSecurity Leadership and ManagementPhysical Security

How to improve security culture within an organization

By Erich Kron
employees around worktable

Image via Unsplash

June 23, 2023

The phrase “Security Culture” gets thrown around a lot these days both in the media and within organizations. But what does it really mean and how can organizations achieve a positive security culture? 

Behind every security system in place is a workforce of people, some of whom may not understand why it’s important to lock their computers when they leave their desk, never leave their keys unattended or why they should never click a link in an unsolicited email. For some organizations, there could be up to thousands of employees encountering threats daily.

Security culture is defined as “the ideas, customs and social behaviors of a group that influence its security.” If the employees who make up an organization are careful to maintain good \security hygiene, then a resolute security culture is formed. If they do not, then the organization is at a much higher risk. 

Security culture can be broken down into seven dimensions:

  1. Employee attitudes to security and policy
  2. Behaviors
  3. Cognitive processes surrounding security
  4. Quality of communication
  5. Compliance to security policies
  6. Organizational unwritten rules or norms
  7. Individual responsibilities

There are likewise seven steps in implementing a quality security culture. Keep in mind that something like this does not change overnight. A plan may span many business cycles or years.

The first step is to choose one or two dimensions of security culture to initially focus on. Don’t attempt to change every aspect of the culture at once as this will be difficult to achieve. It is important to note, however, that improving one dimension will often result in an indirect positive effect on the rest.

Narrowing down the organization’s top security risks is a good place to start. Say that employees lack understanding of common industry threats or they commonly fall for social engineering attacks. These would be two areas that should be addressed first.

Make a plan to address these issues on an organizational scale. This plan could consist of formal policy changes or a more casually organized effort. If there are already employees who have good security hygiene, choose them as representatives to model appropriate security behaviors. It is more likely that employees will adopt certain practices if they see that their peers are doing the same.

The next step is to take this plan to executive leadership. It is likely that they won’t want all the nitty-gritty details yet but be sure to explain to them how the current security culture is lacking and how changing it will benefit the organization overall. 

Once leadership buy-in is secured, communicate these changes to the wider workforce. The most important thing is to communicate the “why” of it. Why the current practices are unsafe, why these changes are necessary, and why such changes will benefit every member of the organization. Most individuals want to know why they should spend the extra time on a new policy when they could otherwise be accomplishing something else. Emphasize that a well-functioning and profitable business, will protect every member of the organization.

Consider taking a survey at this point to gauge employee attitudes and behaviors prior to the plan’s roll-out. Then, execute the plan for the first business cycle. A three-to-six-month period is reasonable for testing the waters. Be prepared to face resistance and to deal with any unforeseen issues that arise. Make note for the next cycle.

Once the plan has been executed and the first cycle has come to a close, take another survey and create a report to share with leadership. It’s also a good idea to share the results with the wider organization so that employees may see the fruits of their efforts. If all goes well, there will be an improvement in attitudes, security practices, and overall risk.

Using the report, analyze where the plan succeeded and where it struggled and why. Likewise, take a look at some of the other dimensions of security culture and see where the organization can improve in some new areas. From there, decide how to move forward for the next business cycle(s). Remember, don’t try to accomplish everything at once. Instead, slowly trickle in new best practices and continue to encourage quality behaviors and reinforce the same messaging from prior cycles. 

The key point here is that a poor security culture will not be fixed overnight. It is perhaps a daunting task to take on such a large-scale behavioral shift in an organization, however the importance in doing so cannot be overstated. 

Security safety in an organization starts and ends with its employees. Having a strong security culture will set an organization apart and will protect it from the many consequences that plague businesses in this day and age. Most importantly, in having fostered a quality security culture, an organization may rest easy and instead focus its energies on succeeding in its goals.

This article originally ran in Security, a twice-monthly security-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: risk management security awareness training security best practices security culture workplace culture

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Erich Kron is a security awareness advocate at KnowBe4, a provider of security awareness training and a simulated phishing platform.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Cyber tech background

    Security’s Top Cybersecurity Leaders 2026

    Security magazine’s Top Cybersecurity Leaders 2026 award...
    Top Cybersecurity Leaders
  • Iintegration and use of emerging tools

    Future Proof Your Security Career with AI Skills

    AI’s evolution demands security leaders master...
    Security Education & Training
    By: Jerry J. Brennan and Joanne R. Pollock
  • The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report

    The 2025 Security Benchmark Report surveys enterprise...
    The Security Benchmark Report
    By: Rachelle Blair-Frasier
Manage My Account
  • Security Newsletter
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Popular Stories

Hand reaching up out of the ocean

What I Learned About Burnout the Hard Way (and How to Actually Fix it)

Officers at an event

The 2026 FIFA World Cup Will Test Security Operations Like Never Before

Colorful laptop

Organizations Think They Know Who’s Visiting Their Sites. They Don’t.

Glasses in front of coding on screen

5 Ways Quantum and AI Will Rewrite the Rules of Cyberattacks

Sewer

Why Are People Entering NYC’s Sewers at Night?

SEC 2026 Benchmark Banner

Events

July 8, 2026

The 2026 Security Maturity Benchmark Report: Insights From Senior Security Leaders

LIVE: July 8, 2026 at 2 pm EDT In this webinar, speakers will share key insights from the report, including why today’s threat environment demands greater maturity and how to evaluate your organization’s current security posture.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products


Alertmedia sponsored webinar

Related Articles

  • workplace

    AppSec’s Secret Weapon to Improve Security Culture and Engagement

    See More
  • k12_900

    How to Improve School Security with Limited Budget

    See More
  • document security

    How to improve legal document security in six steps

    See More

Related Products

See More Products
  • security culture.webp

    Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

  • school security.jpg

    School Security: How to Build and Strengthen a School Safety Program

  • physical security.webp

    Physical Security Assessment Handbook An Insider’s Guide to Securing a Business

See More Products
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • Newsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2026. All Rights Reserved BNP Media, Inc. and BNP Media II, LLC.

Design, CMS, Hosting & Web Development :: ePublishing