{"id":101136,"date":"2021-11-11T10:00:49","date_gmt":"2021-11-11T18:00:49","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=101136"},"modified":"2023-05-15T23:03:20","modified_gmt":"2023-05-16T06:03:20","slug":"how-to-assess-and-improve-the-security-culture-of-your-business","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/","title":{"rendered":"How to assess and improve the security culture of your business"},"content":{"rendered":"<p><em class=\"\">The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\" target=\"_blank\" rel=\"noopener\">Microsoft Security<\/a> Product Marketing Manager <a href=\"https:\/\/www.linkedin.com\/in\/nataliagodyla\/\" target=\"_blank\" rel=\"noopener\">Natalia Godyla<\/a> talks with <em>Cygenta Co-founder and Co-Chief Executive Officer <a href=\"http:\/\/www.linkedin.com\/in\/jessica-barker\" target=\"_blank\" rel=\"noopener\">Dr. J<\/a><\/em><a href=\"http:\/\/www.linkedin.com\/in\/jessica-barker\" target=\"_blank\" rel=\"noopener\"><em>essica Barker<\/em><\/a><em>, author of \u201cConfident Cyber Security: How to Get Started in Cyber Security and Futureproof Your Career\u201d and co-author of \u201cCybersecurity ABCs: Delivering awareness, behaviors and culture change.\u201d In this blog post, Jessica talks about how to build a security culture.<\/em><\/em><\/p>\n<p><strong>Natalia: How are most organizations doing? What is the state of cybersecurity culture?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> It varies\u2014a lot of it comes down to resourcing and the emphasis placed on security from the leadership level. It can also come down to the experiences of the security team, security leadership, and the organization in terms of security incidents or near-misses. We&#8217;ve seen a lot of improvement in recent years, and that&#8217;s largely because there\u2019s more awareness among leaders that <a href=\"https:\/\/thecyberwire.com\/podcasts\/security-unlocked-ciso-series\/5\/notes\" target=\"_blank\" rel=\"noopener\">security culture is important<\/a>. Just 5 years ago, but particularly 10 years ago, there was very little discussion around culture and security culture.<\/p>\n<p>Every year, we ask ClubCISO, a private group for senior information security professionals and security leaders, about security. For the last three years, they said security culture is their number one hot topic for the year ahead. They even said it in March 2021, tying with cloud. When I think about the year <a href=\"https:\/\/thecyberwire.com\/podcasts\/security-unlocked-ciso-series\/1\/notes\" target=\"_blank\" rel=\"noopener\">that cloud has had and the forced digital transformation<\/a> many organizations have been through, it speaks volumes that security culture is as important of a priority as securely moving to the cloud.<\/p>\n<p><strong>Natalia: What does a cybersecurity culture assessment entail?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> In a cybersecurity culture assessment, we listen to the organization and the people who work there and understand security assumptions. When I speak to people about security culture, there\u2019s often this idea that it is about how people behave, and that if we collect metrics around phishing, for example, it will tell us about the security culture. However, that will tell us something superficial. It&#8217;ll tell us what people are doing, not why they&#8217;re doing it.<\/p>\n<p>Understanding the \u201cwhy\u201d is absolutely crucial because that&#8217;s your point of influence to change behavior. The \u201cwhy\u201d helps in understanding underlying assumptions and determining what you can do if there are gaps between what the security team wants and what people are doing.<\/p>\n<p>The first stage is to understand the organizational culture, mission, and values and review the cultural symbols in the organization, including the branding, training, and messaging. Then, we run surveys, focus groups, and one-on-one interviews to encourage conversation, facilitate discussion, and understand what&#8217;s happening on a day-to-day basis, and most importantly, why.<\/p>\n<p><strong>Natalia: What are the indicators that a company needs a cybersecurity culture assessment?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> One prompt for most of our clients is that they feel like they need to do more to manage human risk, but they don&#8217;t know what. There may be incidents or near-misses. There may be indications around phishing or how people are managing passwords. There may be behavioral indicators\u2014what they want from the people in the organization doesn\u2019t match reality. Another key prompt is not understanding why their current culture isn&#8217;t developing in the way that they would want. Often, the organizations will have tried to deal with this in one way or another through awareness-raising, and there\u2019s frustration because they\u2019re telling people what to do, and they&#8217;re still not doing it. It takes a level of maturity, and it often takes organizations that aspire to be people-centric, to help their workforce be more security-conscious.<\/p>\n<p>We measure security culture by gathering a lot of qualitative data to understand why people are doing what they&#8217;re doing. It goes back to the classic \u201cstart with why,\u201d and then crunching numbers from surveys. We use grounded theory to qualify the data we get back. We immerse ourselves in that data and identify patterns. We also use anonymous quotes, comments, and keywords from workshops, focus groups, and one-on-one interviews to bring that story to life.<\/p>\n<p><strong>Natalia: What are typical challenges to establishing a positive security culture?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> I&#8217;m working with a financial services client that has a very positive organizational culture and lives by their values. But there have been challenges around security culture in this organization for many reasons, including fast digital transformation and growth. It&#8217;s taken them until this year to understand what a security culture means for their organization.<\/p>\n<p>Because the people who work there felt loyalty to the organization, they wanted to behave in a secure way. They understood the importance of it, but there were blockers, including a lack of communication on why certain security controls were in place. It\u2019s an entrepreneurial organization that moves quickly, so there were underlying cultural influences encouraging people to behave in less secure ways while prioritizing productivity. We&#8217;ve been undertaking a program to help the security team better communicate the \u201cwhy,\u201d and the organization has been receptive to it.<\/p>\n<p>It&#8217;s also very hard to change behavior if the security leadership or organizational leadership team is not on board. Another consideration is the perception of a just culture. If somebody clicks a malicious link or makes a mistake, do they feel that they can put their hand up and report it without being unduly blamed? If people have a perception that the culture is about retribution and \u201cpointing the finger,\u201d that&#8217;s damaging to security culture.<\/p>\n<p><strong>Natalia: What\u2019s the biggest mistake organizations make when trying to build and foster a security culture?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> To try to build a security culture that is not aligned with the business culture. One organization I worked with a few years ago was a very positive and people-centric healthcare organization. They were always seeking to say, \u201cYes,\u201d to people in their wider organizational culture, but the security team was pushing a security culture that said, \u201cNo,\u201d and was perceived as the \u201cDepartment of No,\u201d like many security teams. That&#8217;s a really common problem because the organizational culture will always win out, and if you try and bolt on a security culture that runs against the wider organization, it won&#8217;t work.<\/p>\n<p>Often, the organizational culture of a company is not prepared to build a positive cybersecurity culture, and change requires patience. It&#8217;s a slow journey. That kind of client isn&#8217;t ready for a security culture assessment, so the work focuses on influencing the senior leadership to show them the importance of security culture. When organizations want a security culture assessment, that&#8217;s when they&#8217;re ready for it.<\/p>\n<p><strong>Natalia: How does the psychological well-being of the security team impact the security culture?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> At one organization, there was a lack of communication around security. The security team was so stressed, burnt-out, busy, and overworked that they didn&#8217;t have time to engage with their colleagues in the rest of the business. It led to the impression that the security team was not friendly or approachable, and it created a barrier to a positive security culture. Taking care of the well-being of the security function is fundamental.<\/p>\n<p>To immediately improve the well-being of their team, managers can talk about the issues. If you&#8217;re comfortable doing so, this can include talking about your own mental well-being or acknowledging burnout stress and impostor syndrome. These are real issues in the industry, and it can be a relief for people to hear that they&#8217;re not alone and to have this safe space. It makes everyone feel more comfortable saying, \u201cHey, I need a day off for my mental health.\u201d Mental health days are crucial in organizations, but leadership must show that they\u2019re a priority.<\/p>\n<p><strong>Natalia: Besides an assessment, how can security teams improve their understanding of human risk?<\/strong><\/p>\n<p><strong>Jessica:<\/strong> Behavioral economics, neuroscience, and psychology are all disciplines that can teach us about the human side of security and security culture. I\u2019d recommend books like \u201cNudge,\u201d \u201cThinking Fast and Slow\u201d, and the work of Tali Sharot, a neuroscientist, whose work on the optimism bias is very relevant to security. There&#8217;s also a lot of great work being done in academia on security culture\u2014papers and research that are advancing the field. It was interesting as well to see this year that Verizon did a shout-out to security culture for the first time in their data breach investigation report. Security culture is going more mainstream and is now higher up on the agenda in the security profession.<\/p>\n<h2>Learn more<\/h2>\n<p>To learn more about Microsoft Security solutions,\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/solutions\" target=\"_blank\" rel=\"noopener\">visit our\u00a0website<\/a>.\u00a0Bookmark the\u00a0<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\" target=\"_blank\" rel=\"noopener\">Security blog<\/a>\u00a0to keep up with our expert coverage on security matters. Also, follow us at\u00a0<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noopener\">@MSFTSecurity<\/a>\u00a0for the latest news and updates on cybersecurity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cygenta Co-Founder and Co-Chief Executive Officer Dr. Jessica Barker talks about the importance of security culture and how to build a solid one in your organization. <\/p>\n","protected":false},"author":106,"featured_media":101382,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"_classifai_error":"","footnotes":""},"content-type":[3659],"topic":[3683],"products":[],"threat-intelligence":[],"tags":[3809],"coauthors":[2433,2862],"class_list":["post-101136","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","content-type-best-practices","topic-security-management","tag-security-strategies"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>How to assess and improve the security culture of your business | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to assess and improve the security culture of your business | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"Cygenta Co-Founder and Co-Chief Executive Officer Dr. Jessica Barker talks about the importance of security culture and how to build a solid one in your organization.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2021-11-11T18:00:49+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-05-16T06:03:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Natalia Godyla, Jessica Barker\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Natalia Godyla, Jessica Barker\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/natalia-godyla\/\",\"@type\":\"Person\",\"@name\":\"Natalia Godyla\"},{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/jessica-barker\/\",\"@type\":\"Person\",\"@name\":\"Jessica Barker\"}],\"headline\":\"How to assess and improve the security culture of your business\",\"datePublished\":\"2021-11-11T18:00:49+00:00\",\"dateModified\":\"2023-05-16T06:03:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\"},\"wordCount\":1487,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\",\"keywords\":[\"Security strategies\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\",\"name\":\"How to assess and improve the security culture of your business | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\",\"datePublished\":\"2021-11-11T18:00:49+00:00\",\"dateModified\":\"2023-05-16T06:03:20+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg\",\"width\":1200,\"height\":800,\"caption\":\"Adult female working on desktop monitor.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to assess and improve the security culture of your business\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to assess and improve the security culture of your business | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/","og_locale":"en_US","og_type":"article","og_title":"How to assess and improve the security culture of your business | Microsoft Security Blog","og_description":"Cygenta Co-Founder and Co-Chief Executive Officer Dr. Jessica Barker talks about the importance of security culture and how to build a solid one in your organization.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/","og_site_name":"Microsoft Security Blog","article_published_time":"2021-11-11T18:00:49+00:00","article_modified_time":"2023-05-16T06:03:20+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","type":"image\/jpeg"}],"author":"Natalia Godyla, Jessica Barker","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","twitter_misc":{"Written by":"Natalia Godyla, Jessica Barker","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/natalia-godyla\/","@type":"Person","@name":"Natalia Godyla"},{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/jessica-barker\/","@type":"Person","@name":"Jessica Barker"}],"headline":"How to assess and improve the security culture of your business","datePublished":"2021-11-11T18:00:49+00:00","dateModified":"2023-05-16T06:03:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/"},"wordCount":1487,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","keywords":["Security strategies"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/","name":"How to assess and improve the security culture of your business | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","datePublished":"2021-11-11T18:00:49+00:00","dateModified":"2023-05-16T06:03:20+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2021\/11\/SEC20_Security_018-1.jpg","width":1200,"height":800,"caption":"Adult female working on desktop monitor."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/11\/11\/how-to-assess-and-improve-the-security-culture-of-your-business\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"How to assess and improve the security culture of your business"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}}]}},"msxcm_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/101136"}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=101136"}],"version-history":[{"count":0,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/101136\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/101382"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=101136"}],"wp:term":[{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=101136"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=101136"},{"taxonomy":"products","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/products?post=101136"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=101136"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/tags?post=101136"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=101136"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}