Culture eats structure for breakfast.Peter Drucker
Culture is one of the most important aspects to the success for every business. Whether that is a business of 1 or 1,000,000. Without a culture of reducing cyber risk, there is nothing a business can do.
No matter how many policies, strategies, tool are put in place, a business that doesn’t honor those strategies it is destined to fail. Well, it has a high likely hood of being hacked.
So what is culture? Culture is to a group as mindset is to an individual. Culture is the personality of the organization. There are organizations that is more focused on making money than providing a great product and there are the opposite. There are companies that are focused on staying busy, or looking busy, and there are companies that want the best for their employees. There are dysfunctional companies and companies what would rather you be solely dedicated to the company and not to yourself.
If you ever wonder what the culture of a company is like, checkout glassdoor.com, pick a company read some of the employee’s reviews. It may shock you.
Why is culture so important? If the culture of an organization does not call for being risk aware, the discussion of risk will never be a topic.
The failure of Bear Stearns and the failure of Enron can be directly linked to its culture. Both companies were more focused on making image and making money that good decisions and investments went out the window.
Now on the other hand, Berkshire Hathaway, has a culture of only investing in what they know and understand. Not taking risks in industries that they do not understand. Making Warren Buffet one of the richest people in the world.
Building a culture that promotes cybersecurity and welcomes cybersecurity principles will lower the risk of being a target of hacking. And it all starts with communicating.
“Culture does not change because we desire to change it. Culture changes when the organization is transformed – the culture reflects the realities of people working together everyday.”Frances Hesselbein
Changing the realities of an organization starts with communicating the vision of what is possible. It is in the possibility of something that has people buy in to the idea and vision. Change for change sake does not create change. Human nature will have us return to what we know if there isn’t a compelling reason to do something different.
The dynamics of the group holds the key. The more people that believe in the vision and want to be apart of a bigger cause will create a gravitational pull that can change an entire organization.
The 14th laws in Robert Greene’s book “The Laws of Human Nature”, Robert Greene talks about group dynamics and how it is ingrained into our nature. As humans we are social creatures and what many of us fear the most if being ousted by the group we belong.
Where we work is very much a group that we belong and we do not want to views as an outsider or someone that does not conform. This is what culture creates in an organization.
It is up to the leadership of any organization to set the culture. It is in the leadership and building a following around a possibility that establishes a culture of security.
To make this change, create a vision, share that vision, and keep sharing the vision until you start to build a following. This will start to shift the culture of the organization.