Foundation of cybersecurity infoscapes: it’s all about the culture

Abstract

Cyberculture is an evolving concept that dominates organizational security. Business cybersecurity breaches often occur due to the lack of a healthy cyberculture. This paper identifies, defines, and explores the concept of cyberculture and offers practical advice for approaching organizational culture change to embrace a proactive cyberculture. We identify and review key academic research, subject matter experts, and think-tank surveys of cybersecurity professionals. Qualitative interpretation of the literature suggests there are underlying themes and patterns relevant to achieving a healthy cyberculture. Findings indicate that cyberculture plays a key role in successful organizational cybersecurity, aligning strategic business objectives with security governance and controls to mitigate risk. Interpretation reveals that improved cyber strategy and skilled people play key roles in the adoption of cyberculture at every organizational level, while awareness, communication, influencers, and a clear reporting structure between boards, management, security leadership, and all employees, build cyber resilience. We propose that businesses will benefit from the creation and adoption of holistic positive cybercultures as integral to the overall organizational culture; and conclude that such a pragmatic path forward provides an improved nexus between a digital business culture and its cyberculture. Therein, we proffer that creating a cyberculture by which a pattern of shared basic assumptions that support both the aspects of information security, business strategy, and trust as a daily behavioral practice is a major step toward a positive cyber solution.