In 2018 and 2019, I was on a team of a dozen cybersecurity and business professionals brought together by the Secretary of the Navy to investigate and provide solutions regarding decades of cyber “incidents.”
During our investigation, we visited best-in-class organizations, from the National Security Agency to Wall Street firms. We published our observations in March, 2019.
Culture is the Key
A major observation of the SECNAV Cybersecurity Readiness Review was that best-in-class appeared to have something that others did not: a culture that promoted security. These organizations understood that cybersecurity is an unfair battle because attackers have an incredible advantage. Their culture included cyber in an integrated risk management program, information sharing within trusted industry partners, and a balance between business and security needs.