An internal culture change can help organizations put end-user security on the front burner. If an organization only addresses security once a problem arises, it’s already too late. But it’s common for companies, especially startups, to overlook security because it can get in the way of productivity. (TechTarget)
Organizations that take security seriously are the ones who make security a part of the every-day routine. Not because it is not important, but to ensure that the message of how important it is is driven home every day, multiple times a day. Too often security improvement efforts fail because it is treated as ‘special’ not ‘important.’ There is a difference, and those who recognize it are the ones who realize the benefits of investing in training, policy, and procedure. Aligning security incentives a’la performance incentives exploit the fact that we’re all human, and that’s a good thing.