To improve security, the cybersecurity industry needs to follow the aviation industry’s shift from a blame culture to a “just” culture, according to director of the Information Systems Audit and Control Association Serge Christiaans.
Speaking at Singapore’s Smart Cybersecurity Summit this week, Christiaans explained that until around 1990, the number of fatal commercial jet accidents was growing alongside a steady increase of commercial flights. But around the turn of the decade, the number of flights continued to rise while the number of fatalities began to drop.
According to one analysis, [PDF] the rate of fatal accidents fell from nine per 10 million flights in the 80s to six per 10 million in the 90s. Between 1995 and 2001, that figure was three per 10 million.</p
“There was a big game changer,” Christiaans told the Summit. “Millions of people a day now fly in commercial aviation, and nothing happens.”
While acknowledging that improved technology, more mature processes and improved leadership all helped to improve aviation safety, the former pilot and field CISO at tech consultancy Sopra Steria said the biggest improvements came from a change to a “just culture” that accepts people will make mistakes and by doing so makes it more likely errors will be reported.
In a just culture, errors are viewed as learning opportunities instead of moral failing, creating transparency and enabling constant improvement.
“We’re not trying to blame, we’re not trying to point fingers, we’re trying to find the reasons behind the mistake,”
Read more