Healthy Security Cultures Want People to Report Risks

The article discusses the importance of healthy security cultures where employees feel safe reporting risks. It highlights the shift from fear-based risk management to one that rewards risk identification and progress. A living risk management program, risk registries, and transparency are key factors in fostering a healthy security culture. The article also emphasizes the need for objective ways of measuring cyber risk and the challenges CISOs face in communicating risk to the board.