Developing cybersecurity culture to influence employee behavior: A practice perspective

This paper identifies and explains five key initiatives that three Australian organizations have implemented to improve their respective cyber security cultures. The five key initiatives are: identifying key cyber security behaviors, establishing a 'cyber security champion' network, developing a brand for the cyber team, building a cyber security hub, and aligning security awareness activities with internal and external campaigns. These key initiatives have helped organizations exceed minimal standards-compliance to create functional cyber security cultures. This paper discusses why these initiatives have been effective and provides practical guidance on their integration into organizational security program (c) 2020 Elsevier Ltd. All rights reserved.