BETA: The DVMS Cultural
Assessment Tool (DVMS-CAT™)
One of the best ways for an organization to reduce cyber risk is to build a culture of cybersecurity. This entails creating a mindset in employees that the risk is real and their daily actions impact that risk.
Cybersecurity culture is important as it plays a key role in an organization's ability to deliver the secure, resilient, and trusted digital outcomes clients and regulators expect. It must be part of a broader corporate culture of day-to-day actions, encouraging employees to make thoughtful decisions that align with security policies.
A security culture is more than just cybersecurity awareness. It requires the workforce to understand the fundamentals of how digital systems work, their risks to the business, and their role in helping the organization mitigate digital risks.
Everyone on staff (including full-time, part-time, and
contractors) must clearly understand digital risk relative
to the organization and their role within it. They must
understand the impact they have in protecting
organizational digital assets.
Find us on LinkedIn
The journey and commitment
The journey to building a cybersecurity culture starts with a commitment from executive management. Executive leadership will define the journey’s characteristics by answering the following questions.
- Where are we now? (assessing the current state)
- Where are we going? (planning for the future state)
- Why are we going? (justification for capital investment)
- How will we handle the unexpected? (change management plan)
- How will we measure success? (metrics and feedback)
The above approach will provide executive leadership with the data to justify the investments required to assess the organization's current state and to build and implement the plan to realize its future cybersecurity culture state.
Cybersecurity enabled by your people
What does the DVMS Cultural Assessment Tool (DVMS-CAT™) measure?
Organizations unveil grand strategies and meticulously crafted blueprints for success. Yet, amidst the fanfare of vision statements and market analyses, Peter Drucker’s timeless adage whispers a crucial truth: “Culture eats strategy for breakfast.” Though deceptively simple, these five words provide a stark warning: no matter how superb the strategy, it can be undermined by human factors that are the invisible forces of organizational culture.
The DVMS-CAT survey and resulting report explore the essence of that force, using the Johnson and Scholes culture web¹ as a lens to examine the complex tapestry woven within an organization. Just as a spider diligently constructs its web, thread by thread, culture also quietly binds organizational values, behaviors, and beliefs together. This intricate network, often invisible to the naked eye, exerts a powerful influence on every facet of the organization, from collaboration and innovation to decision-making and engagement.
Our objective in creating the cybersecurity culture assessment tool was to unearth the implicit perceptions that guide interactions, the shared assumptions that inform choices, and the narratives that bind. The resulting data presents a nuanced picture of the cultural landscape, revealing both areas of undeniable strength and opportunities for strategic improvement.
The survey should be conducted across multiple departments and management levels to illuminate this hidden web. The survey attempts to reveal and, therefore, understand the implicit rules that guide interactions, the shared assumptions that underpin choices, and the stories that bind the organization together. The results paint a portrait of the current cultural landscape, revealing both strengths and areas for growth.
The object is to weave together pockets of collaboration and diverse perspectives that were previously hidden, providing a basis for innovative solutions. This report is not merely a collection of data points, but a call to action. Understanding cultural nuances makes both the improvement of some areas and the maintenance of excellence in others possible.
The report should be viewed as data captured at a point in time. The organization should use the results to harness the collective power of its values to navigate the ever-changing digital landscape, ensuring that the inertia of an unexamined culture does not consume its brilliant strategies.
This journey of cultural introspection is not a destination but a continual process. As the organization evolves, so too must its cultural web. By embracing adaptability and open dialogue, organizational leadership can ensure that culture doesn’t devour strategy but instead provides a foundation to build future success.
The Cybersecurity Culture Assessment Tool surveys employees to understand their attitudes and perceptions on cybersecurity matters. Once responses have been collected, the organization scores against factors that drive positive cultural change. These factors include:
- Symbols (leadership commitment)
- Power Structures (management capabilities)
- Organizational Structures (technology & business silos)
- Control Systems (practices/processes)
- Habits & Routines (People)
- Stories (People)
The tool provides actionable insights and advisable next steps based on the results. Organizations can then perform in-depth analysis and filtering to understand their current state better and build a plan to reach their future state.
The report serves as the first step in that journey.
