UK NCSC releases principles for strengthening organisational cybersecurity culture

Drawing on research with government and industry, the NCSC has outlined six principles to help organisations foster a sustainable cyber security culture across all levels.

UK National Cyber Security Centre

The UK’s National Cyber Security Centre (NCSC) has published a framework of six principles aimed at supporting organisations in developing a strong internal cybersecurity culture. The principles are based on research conducted with government and industry stakeholders and are intended to guide organisations in embedding cyber-resilient behaviours among their personnel.

The principles are outlined as follows:

  1. Frame cyber security as an enabler that supports the organisation’s core objectives.
  2. Encourage openness by building trust, safety, and processes that support transparency around security issues.
  3. Adapt to change to address new threats and take advantage of opportunities to improve resilience.
  4. Acknowledge the role of social norms in shaping secure behaviours within the organisation.
  5. Recognise leadership responsibility in influencing cyber security culture.
  6. Maintain accessible and clear security rules and guidance to support user understanding and compliance.

Each principle is accompanied by practical examples illustrating effective and ineffective application.


The NCSC notes that building a cybersecurity culture requires ongoing and coordinated efforts across multiple organisational roles, including cybersecurity professionals, cultural specialists, and leadership. The centre highlights that the ability of staff to support security objectives is influenced by the overall organisational environment and approach to cyber risks.