Building a Model of Cybersecurity Culture: Survey Results

DescriptionOrganizations are vulnerable to cyber-attacks partially because people in the organization are unaware of or unprepared for cyber risks. Building a culture of cybersecurity where the values, attitudes, and beliefs align with organizational goals of cyber resilience is of significant interest to managers and leaders in charge of cybersecurity in organizations today. This research aims to provide practical tools for cybersecurity leaders to evaluate and improve the maturity of their organizational cybersecurity culture. This organizational cybersecurity culture model, named OCCM, is based on a systematic literature review, case studies, and workshop discussions. More specifically, to go beyond a literature review to identify the related components of organizational cybersecurity culture, we collected information through surveying individuals with knowledge of cyber practices in their companies, semi-structured interviews with willing participants, and voluntary workshop to discuss practices. This survey was developed by Cybersecurity at MIT Sloan (CAMS) at MIT’s Sloan School of Management to verify the developed model and explore cybersecurity culture across organizations within different industries. From June to December 2018, this project surveyed 187 individuals from 11 industries and 18 countries.
AuthorsKeman Huang, Keri Pearlson
Date PublishedDec 20, 2019
PDF Versioncybersecurity-culture-model-survey-results.pdf (1.9 MiB)