Why invest in a culture of security: Adaptability
The more adaptable your organization is, the more likely you are to reduce its losses and return to normal operations quickly, after an incident.
Adaptability in an organization refers to its willingness and ability to respond swiftly to external and internal changes. Whether driven by market conditions, new regulations, or internal factors like leadership changes or mergers, organizations continuously face change. The distinction between those struggling with transformation and those thriving lies in their capacity to adapt.
How Security Incidents Drive Adaptability
Cybersecurity incidents trigger urgent organizational change, causing data loss, operational disruption, downtime, and financial damage. Organizations better prepared recover faster. Those capable of adapting to incident-driven changes reduce losses and resume normal operations more quickly.
Features of Adaptability
Research identifies key characteristics of adaptable organizations:
- More responsive to external events impacting the business
- Faster at implementing policy revisions and adopting required changes
- Better equipped to handle cybersecurity incidents
Successful adaptation requires three elements:
- Noticing change when it occurs
- Finding new approaches and alternatives to respond
- Possessing knowledge, skills, resources, and commitment to enable and manage change
The third element deserves emphasis. During the pandemic, organizations most prepared to adapt thrived financially, while slow-adapting organizations fell behind.
The Challenge of Resistance to Change
Organizations resistant to change face business consequences. Cybersecurity threats exploit this resistance. Business email compromise exemplifies how criminals gain access and exploit systems through fake invoices. Simple controls could mitigate such scams, yet organizations typically implement changes only after experiencing threats themselves.
The Praxis Process
Praxis Security Labs recommends engaging organizational psychology experts and implementing iterative processes like the Praxis Process — a seven-step model for reforming organizational culture and building dynamic capabilities across employees, technology, and processes.
This approach improves adaptability and resilience, reduces employee friction, manages risk, and increases profitability and security.
This is the second post in a series exploring outcomes of forming and managing a security culture within organizations.
Ready to measure your security culture?
Connect your Microsoft 365 and see months of employee security behavior data in 15 minutes. Free 30-day trial.
Start Free Trial