A new age of cybersecurity culture

Cyber Human Risk Management (HRM) is essential to cybersecurity culture, as the way people manage technology is the window through which threat actors can infiltrate organizations.

In all organizations, but particularly ones with diverse ways of working across geographies, building a comprehensive and sustained cybersecurity culture can be challenging. Cybersecurity culture complexities can include how to overcome change resistance, how to adopt emerging technologies securely without slowing down innovation, how to manage interconnected systems securely, how to make the most of metrics and measurement, and more.

KPMG, along with Cybersecurity at Massachusetts Institute of Technology (MIT) Sloan (CAMS), part of Sloan Management School Cybersecurity Research Division, set out to gain a better understanding of cybersecurity culture, its challenges, and how AI could make an impact.

Read the full survey findings to learn how AI can impact cybersecurity culture.

Secure behaviors

Fostering a cybersecurity culture – the values, attitudes and beliefs at leadership, group and individual levels across the enterprise - is key to managing cyber risk and driving secure behaviors.

Current state of maturity

With five levels of cybersecurity culture maturity, the organizations surveyed for this report are early in their cybersecurity journey and more so when it comes to using AI to support it.

Confronting cyber culture challenges

Organizations are facing a variety of challenges on the way to building a robust cybersecurity culture. Of these challenges, four overarching themes can be seen: the human behavior factor, emerging technologies, interconnected systems and measuring culture.

Scenario: CISO Yuki, as she prepares her annual budget, asks her Cyber HRM Director for help to refine the organization’s awareness and training strategy and include KPIs for board-level reporting.

AI use case: Using AI, the HRM Director aggregates data from internal and external sources to deliver a targeted risk analysis, tailored training and awareness strategy, and a scorecard that links cyber initiatives to business outcomes.

Benefits: This AI-driven approach equips Yuki with clear, data-backed insights for resource allocation, while allowing the HRM Director to maintain operational focus.

Discover more practical scenarios to help you overcome common challenges when starting to use AI to improve your cybersecurity culture.

Build a stronger cybersecurity culture with the support of AI by considering the following:

1. Outline your aspirations: Understand your current cybersecurity culture and set goals and aspirations for where you want to be in the future.

2. Secure support and investment: Seek support from parts of the organization that already have capabilities to develop and embed AI across functions.

3. Explore and experiment: Identify the gaps in your current capabilities and explore options for using AI through the definition of use cases.

4. Prioritize and implement: Focus on implementing the AI use cases that can have the most impact to driving a stronger cybersecurity culture and reducing risk.

5. Collect and measure what matters: An upfront focus on data and its quality can help you get the best out of your AI use cases, and avoid accuracy impacts of your AI models.

6. Be mindful of new risks: Consider what the AI tools and technologies can and can’t do, and the risks that come with them.

7. Prioritize the employee change journey: Prioritize employee wellbeing throughout change with the right communications, training and recognition.

Drawing on the findings of this new research of cybersecurity leaders, subject matter experts and cross-industry executives, we explore how to harness AI to promote secure workplace behaviors.