Organizations are rapidly adopting AI. It’s exposing them to new risks. It is also creating countless opportunities to improve operations and efficiencies, unlock value and grow competitive advantage.


Forward-thinking organizations are experimenting with AI in cybersecurity. An aspect that holds great potential is how AI can help organizations boost their cybersecurity culture.

Cyber Human Risk Management (HRM) is essential to cybersecurity culture, as the way people manage technology is the window through which threat actors can infiltrate organizations.

In all organizations, but particularly ones with diverse ways of working across geographies, building a comprehensive and sustained cybersecurity culture can be challenging. Cybersecurity culture complexities can include how to overcome change resistance, how to adopt emerging technologies securely without slowing down innovation, how to manage interconnected systems securely, how to make the most of metrics and measurement, and more.

KPMG, along with Cybersecurity at Massachusetts Institute of Technology (MIT) Sloan (CAMS), part of Sloan Management School Cybersecurity Research Division, set out to gain a better understanding of cybersecurity culture, its challenges, and how AI could make an impact. 

Read the full survey findings to learn how AI can impact cybersecurity culture. 

This study is one of the first to consider the impacts of AI on cybersecurity culture. While we see AI impacting just about every aspect of our business today, the impact it is having (and potentially will have) on the way our people do their jobs is something every manager must consider. To ignore the impacts of AI on the values, attitudes, and beliefs that drive the behaviors of our colleagues is to leave open one of the biggest vulnerabilities from cyber threats that our organizations face today.

Dr. Keri E. Pearlson
Executive Director, Cybersecurity at MIT Sloan
MIT Sloan School of Management

Key themes

Secure behaviors

Fostering a cybersecurity culture – the values, attitudes and beliefs at leadership, group and individual levels across the enterprise - is key to managing cyber risk and driving secure behaviors.
 

Current state of maturity

With five levels of cybersecurity culture maturity, the organizations surveyed for this report are early in their cybersecurity journey and more so when it comes to using AI to support it.
 

Confronting cyber culture challenges

Organizations are facing a variety of challenges on the way to building a robust cybersecurity culture. Of these challenges, four overarching themes can be seen: the human behavior factor, emerging technologies, interconnected systems and measuring culture. 

A strong cybersecurity culture is when people do the right thing, understand why cybersecurity is beneficial for the business, encourage and challenge others, and admit when something has gone wrong.

Akhilesh Tuteja
Global Cyber Leader
KPMG International

In today’s rapidly evolving landscape, the rise of AI is reshaping how organisations approach cybersecurity. While AI brings transformative opportunities for efficiency and innovation, it also introduces new vulnerabilities. Building a resilient cybersecurity culture is key to mitigating these risks and fostering secure behaviors. Strong cyber culture aligns values and actions across leadership, teams, and individuals to safeguard organisations. AI plays a pivotal role by enhancing visibility, personalising training, and scaling security initiatives effectively. Challenges persist, from adapting to emerging technologies to managing diverse global workforces. Organisations must address human behavior, interconnected systems, and measurable outcomes to succeed. At KPMG in Cyprus, we work closely with our clients to navigate these challenges, providing tailored strategies and AI-driven solutions. By integrating advanced technologies with expert insights, we help organisations build secure, adaptive, and future-ready cyber cultures. Together, we empower businesses to thrive while safeguarding their operations in an increasingly complex digital world.

Gerasimos Ntouskas
Board Member, Technology Consulting
KPMG Cyprus

How can AI help boost cyber culture?

Fostering a strong cybersecurity culture across enterprises and broader ecosystems clearly has its challenges. And, it’s only getting more challenging. AI supports can help an organization building a strong cybersecurity culture through five key themes – visibility, efficiency, quantification, personalization and scalability. 

AI in action

Scenario: CISO Yuki, as she prepares her annual budget, asks her Cyber HRM Director for help to refine the organization’s awareness and training strategy and include KPIs for board-level reporting.

AI use case: Using AI, the HRM Director aggregates data from internal and external sources to deliver a targeted risk analysis, tailored training and awareness strategy, and a scorecard that links cyber initiatives to business outcomes.

Benefits: This AI-driven approach equips Yuki with clear, data-backed insights for resource allocation, while allowing the HRM Director to maintain operational focus.

Discover more practical scenarios to help you overcome common challenges when starting to use AI to improve your cybersecurity culture. 

Seven considerations to transform your cyber culture

Build a stronger cybersecurity culture with the support of AI by considering the following:

1. Outline your aspirations: Understand your current cybersecurity culture and set goals and aspirations for where you want to be in the future.

2. Secure support and investment: Seek support from parts of the organization that already have capabilities to develop and embed AI across functions.

3. Explore and experiment: Identify the gaps in your current capabilities and explore options for using AI through the definition of use cases.

4. Prioritize and implement: Focus on implementing the AI use cases that can have the most impact to driving a stronger cybersecurity culture and reducing risk.

5. Collect and measure what matters: An upfront focus on data and its quality can help you get the best out of your AI use cases, and avoid accuracy impacts of your AI models.

6. Be mindful of new risks: Consider what the AI tools and technologies can and can’t do, and the risks that come with them.

7. Prioritize the employee change journey: Prioritize employee wellbeing throughout change with the right communications, training and recognition. 

A new age of cybersecurity culture

Drawing on the findings of this new research of cybersecurity leaders, subject matter experts and cross-industry executives, we explore how to harness AI to promote secure workplace behaviors.

Related content

Let's connect

Connect with us