Security Culture

Technology and procedures alone do not deliver security outcomes. The attitudes, behaviours, and shared norms within an organisation determine whether security measures are effective in practice or merely present on paper. This research programme investigates what constitutes a mature security culture, how it can be measured, and what practical steps organisations can take to develop it.

Security Culture Assessment

Measure the maturity of security culture across your organisation and identify areas where leadership, awareness, and practice can be strengthened.

Why this matters

Most security failures are not primarily technical. They stem from gaps in awareness, breakdowns in communication, normalised workarounds, or leadership signals that inadvertently deprioritise security. An organisation's security culture shapes how people interpret risk, respond to incidents, and make everyday decisions that collectively determine the security posture of the enterprise.

Measuring security culture is challenging precisely because it involves intangible factors: trust, accountability, psychological safety, and the willingness to report concerns without fear of reprisal. Yet without measurement, improvement is speculative. This research develops practical frameworks for assessing security culture maturity that are grounded in organisational psychology and adapted for security contexts.

The programme is relevant to security leaders, human resources professionals, and senior executives who recognise that sustainable security performance depends on people and systems working together, not on technology alone.