Section 1: Definition of “cybersecurity culture”
There are many definitions of the concept “cybersecurity culture”. Within the Cyber-In project, when we talk about cybersecurity culture, we have in mind the definition of ENISA, the European Union Agency for Network and Information Security:
“Humans remain the weakest link in the security chain, and investing in and developing cybersecurity cultures within organisations can decrease the human factor risk, imparting a positive impact on efficiencies and security while mitigating financial risks. Cybersecurity Culture (CSC) of organizations refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms and values of people regarding cybersecurity and how they manifest in people’s behaviour with information technologies. CSC is about making information security considerations an integral part of an employee’s job, habits and conduct, embedding them in their day-to-day actions.”
In the definition we use, humans are at the core of cybersecurity, and it is the human factor that sets apart organizations that are aware, ethical, responsible and committed to cybersecurity. It is more about attitudes than aptitudes, and the number one objective of this course is to act on behaviours, attitudes and company policies to promote a safe environment for workers, companies and consumers in OT environments.
- Recommended reading: “CYBERSECURITY CULTURE IN ORGANIZATIONS”

