Despite the number of high profile data breaches in recent years, Singapore employees apparently are scratching their heads over what it means to have a security culture.
Just one third of IT decision makers in the Asian nation understood what constituted having a “security culture”, while 53% of employees admitted to never coming across the term, according to research commissioned by security training provider KnowBe4. Conducted by YouGov over a fortnight last December, the online survey polled 1,009 office workers and 214 IT decision makers in Singapore.
Some 15% of IT decision makers also had never heard of security culture. Amongst 85% of those who recognised it, 73% knew what it actually meant.
And amongst the senior IT executives who understood what it meant, 6% did not believe their organisation needed a security culture. Another 14% said their organisation had such practices in place, but did not know how to successfully attain a security culture.
Asked to define what it meant, 79% of IT decision makers who knew the term pointed to an awareness of security issues, while 71% described it as recognition that security was a shared responsibility across the organisation. Another 57% pointed to compliance with security polices and 47% described as having security embedded into the corporate culture.
Amongst employees, 30% noted that their organisation had not communicated about security culture and 53% had never heard of the term. Some 30% said their company had discussed security culture, though, a lower 23% said they