The AP just reported that in Japan, “even with the frequency and severity of cyberattacks increasing rapidly worldwide, efforts by the world’s third-largest economy to improve its data security are being hobbled by a widespread corporate culture that views security breaches as a loss of face, leading to poor disclosure of incidents or information sharing at critical moments… .” The article quotes William H. Saito, the top cybersecurity adviser to Prime Minister Shinzo Abe, who notes that the problem is twofold. Rank-and-file workers fear reporting security lapses may get them punished, and there is a lack of understanding of cybersecurity among Japanese executives. According to Saito, “This is Japanese culture where in some situations the upper management doesn’t know how to use email and IT integration is voodoo magic.”
In much of the world the story is similar. Requirements for sharing information do not exist, and standards of acceptable behavior are in very formative stages of development. Unfortunately, this tilts the scales dramatically in favor of cyber criminals. Trying to change national culture around cyber preparation is a very challenging task.
By Tom Davis, SDI Cyber Risk Practice
SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.
You can view previous blog posts on cyber risk management here.
November 10, 2015