Half of Organisations Lack a Security Aware Culture According to PGI/Harvey Nash Cyber Security Survey by Matthew Olney



The cultivation of a security aware culture is vital to ensure successful cyber and information security. According to the PGI/Harvey Nash 2016 cyber security survey, 49% of respondents said that such a culture is lacking in their organisations.

Nearly three quarters of senior information security professionals surveyed said that the creation of such a culture is a vital part of ensuring that an organisation has effective cyber security measures in place. Without such a culture, the danger posed by insider threats rises greatly, mostly as a result of employee accidents such as opening harmful emails that download malware. The company itself will also be an easy target for hostile actors, with repercussions that could seriously harm the organisation both financially and in terms of reputation.

According to the survey, 54% of Chief Information Officers (CIO) and 48% of Chief Technology Officers (CTO) were classed as being ‘very well informed of risks’. In comparison, only 27% of Chief Executive Officers (CEO) and 25% of Chief Operating Officers (COO) were classed as well informed. The Board meanwhile was rated lowest for their risk awareness with just 17%.

With nearly half of organisations lacking a cyber aware culture it appears that many are happy to talk the talk but not walk the walk when it comes to cyber security.

Ambition Outpaces Actuality in Developing Security Aware Cultures

Creating a cyber security aware culture is the responsibility of an organisation's leadership. If executives and the board are not willing to learn how to create such a culture or to invest in it, then it is almost certain that such a culture will not be made.

The survey also reveals that Chief Information Security Officers (CISOs) are working hard to try and make sure that their superiors are aware of the risks. It seems that a lack of knowledge and/or an unwillingness to spend cash on the creation of a security aware culture is the reason for such a high number of organisations lacking such a culture.

56% of the senior information security professionals that took part in the survey said that they were concerned that their organisation does not have an effective budget when it comes to information security and 37% of respondents said that the lack of budget threatens their ability to prepare for and respond to security incidents.

Over a third of the senior information security professionals that took part in the survey said that their organisation suffered a ‘business-affecting information security incident’ over the last year. 73% of respondents said that their organisation had experienced social engineering and phishing attempts. 53% reported a virus or malware outbreak. Almost a quarter experienced a DoS or DDoS attack. These figures highlight just how important having a cyber aware culture is.

The education of executives and board members is key if organisations are to create a cyber security aware culture and introduce an effective budget to tackle cyber threats.

Educational courses such as PGI’s Executive Cyber Awareness Course teach leaders and managers of organisations to grasp the business-critical issues of cyber security. By understanding what needs to be done to reduce risks, an organisation’s leadership can take appropriate and effective action.


About the Survey

The Harvey Nash / PGI Cyber Security Survey represents the views of 176 senior information security professionals. Sixteen per cent of respondents were CISO, 27% were Head of InfoSec or Security Manager and 9% were CIO. The remaining 48% were spread between a range of roles including IT leaders with responsibility for security, security specialists and senior management. The Survey was conducted between 21st September 2015 and 7th December 2015.

About PGI

PGI’s mission is to provide high quality, expert and proportionate services, including raising security awareness and providing related certified education.

Whether you are a small company or large organisation, PGI can help make your business as secure as it needs to be. Our team of world-class cyber experts are some of the best qualified in the country, allowing you to rest easy that you are in safe hands with us.

We were also the first company in Europe to open its own cyber academy, a building that gives us the opportunity to provide first class education and cyber security training. PGI operates on a global scale and we truly believe in our motto, ‘making the world a safer place to do business.’

Whether you need intelligence, risk mitigation or physical security services, PGI is an organisation you can trust to keep your organisation as secure as you need it to be.

Website: www.pgitl.com


1 Comment
Scott Bishop
7 years ago

Fantastic article!
