Creating a Safety Culture for Cybersecurity

Dateline: January 27, 2017

Welcome to our Friday WRAP – one thought-provoking idea to think about over the weekend.

A recent Sloan Management Review article interviewing Professor Stuart Madnick, director of MIT’s Interdisciplinary Consortium for Improving Critical Infrastructure Cybersecurity (IC)³, pointed out how far away we are from protecting our organizations from cybersecurity breaches.  Professor Madnick suggests,

Companies need to develop that kind of safety culture and mindset about cybersecurity. Think of it this way: I could put a stronger lock on my door, but if I’m still leaving the key under the mat, have I really made things any more secure? Although that’s an oversimplification, that’s the phenomenon in organizations: We’re building stronger doors but leaving keys all over the place. That’s why the organizational and managerial aspects of cybersecurity are so critical.

Professor Madnick shared an example of a safety mindset from the energy industry.

We work with energy companies. I was talking to someone who had visited the headquarters of one of them, and he said that if you’re going up or down the stairs and not holding the railing, someone will actually stop you and say, “Please hold the railing, for safety.” That’s how ingrained they have gotten the idea of safety. I was told that if you’re walking down the hallway texting on your phone, someone will say, “Stop. Either do your texting, or do your walking. Don’t do both.” Because they understand that if they do something wrong in oil refining, plants can blow up, and people die. That safety mindset permeates the organization.

What does a safety culture for cybersecurity look like for your organization?  How can you plant the seeds to make it happen?

That’s a WRAP!  Have a great weekend!

Speak Your Mind