The most common risk is not always the most impactful (and vice versa). This is why security teams should conduct this exercise to best determine which risks to tackle first. Credit: VideoFlow/Adobe Stock The most common risk is not always the most impactful (and vice versa). This is why security teams should conduct this exercise to best determine which risks to tackle first. (Credit: VideoFlow/Adobe Stock)

As organizations realize that 68% cybersecurity incidents and breaches are a result of lapses in security judgment rather than absence of some technology tool, the notion of having a healthy security culture is being recognized as a major line of defense and a key part of a defense-in-depth approach.

That said, organizations face fundamental challenges with culture. Firstly, a clear definition of what security culture means or entails is not well understood. Secondly, organizations typically have a vague idea on how they can influence or scale security culture company wide.

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.