Strategy and culture are amongst the primary levers at the disposal of leaders. While a strategy provides direction and outlines a vision, it is the culture that expresses the goals of an organisation through its values and beliefs. Culture is an unspoken set of behaviours, mindsets and social patterns which reflects a shared unity amongst a group. As security leaders, we are positioned to influence existing cultures and to set change in motion that will influence and imprint the behaviours and assumptions that future generations of a workforce will consider the norm. It is crucial that we remain cognisant of the subtle changes within the multiple cultures which surround us in an organisation and that we adopt appropriate measures in order to deftly influence the process of change. While the subtlety and ambiguity which maybe assumed when we consider the topic of culture can be daunting, it can be managed. The first thing we have to do is to become fully aware of how it works.
What Is Culture?
Culture reflects the social order of an organisation. It defines the actions that are encouraged, accepted, discouraged or rejected within a group of people. It is malleable and being flexible in its evolution according to changes in environments and the opportunities they offer. In the wealth of academic literature which has considered the concept of culture, four common themes can be identified.
Culture is shared, pervasive, enduring and implicit.
Cultural change must therefore be well planned and supported across all levels of an organisation, if it is to be effective. Any change must be designed and measured against aspirations to improve organisational performance. A phased approach to cultural change should therefore begin with the determination of the culture that presently exists within an organisation. After this, it is possible to define an aspirational target culture. Engaging across all levels of a workforce throughout, leaders must effectively articulate the culture aspiration, so as to encourage the development of change leaders and champions across all sectors of a workforce.
What Is A Security Culture?
Security culture refers to the set of values, shared by everyone in an organisation, that determine how people are expected to think about and approach security. Developing and sustaining an effective security culture is an essential component of a protective security design and helps mitigate against a range of threats that could cause physical, reputational or financial damage to your organisation. Getting your security culture right will help to develop a security-conscious workforce and promote the desired security behaviours you want from staff.
An effective security culture can offer a range of benefits:
A workforce that is more likely to be engaged with, and take responsibility for, security issues
Increased compliance with protective security measures
Reduced risk of insider incidents
Awareness of the most relevant security threats
Employees are more likely to think and act in a security-conscious manner
ERG can work with you to embed an effective security culture where security is a collective responsibility shared by everyone in an organisation and where individuals display greater levels of security mindedness.
How Can We Influence Change?
The vision of an aspiration culture provides high-level principles to guide organisational incentives, influenced and aligned to present business and environmental challenges and opportunities. The leadership of this change program requires for strong and appropriate leaders to be selected and developed, who align with the target culture. Charismatic delivery of change messages can help to re-engage incumbent leaders who may be otherwise unsupportive of design change. Effective training and education can help to re-energise individuals and develop them into powerful champions of change. It is through informal conversations amongst partners, that shifts in the shared norms, beliefs and implicit understandings with an organisation take place. As teams and individuals begin to identify the changes within their leadership and in the tone of messaging, they begin to behave differently themselves, thereby creating a positive feedback loop. A variety of organisational conversations, informal and formal, ranging from lunchtime conversation, structured group discussions and roadshows can all support cultural change. Social media platforms and internal workplace chat rooms can also support this process. This widespread discussion can be cultivated and managed by change champions, who advocate for a cultural shift through their language and importantly through their actions.
It is crucial that the desired change is reinforced through organisational design, structure, systems and processes. This will help to instigate new cultural styles and behaviours, supporting the change throughout. Change delivery and practices can help to reinforce the delivery of the aspiration of culture and help to reinforce appropriate behaviours.
Relational Security. A Paradigm Shift
When we consider organisational culture, we are typically considering cognitive culture; the shared intellectual values, norms and group assumptions. Cognitive culture defines appropriate behaviours and choices at work, which can influence attitudes towards factors such as the pace and timeliness of deliverables. While this is unquestionably important, a crucial factor in the development of security culture is our influence upon a group’s emotional culture. This considers our shared affective values, norms and assumptions that govern the emotions that people have and express at work and potentially the ones they can effectively suppress. Developments in the consideration of the ‘affective revolution’, would suggest the influence that positive emotions in a workplace can have upon organisational performance and in our view, organisational security. The display of compassion rather than callousness and indifference, joy and pride instead of anger and dissent, can encourage the development of positive cultures and influence behavioural choices which are made from a place of emotional and psychological safety, which supports individuals cognitive abilities to make better risk-based decisions. Positive emotions can impact and influence how individuals perform tasks, how engaged and creative they are, how committed they are to an organisation and how they make decisions. By adopting a caring approach towards our teams and partners we are encouraging the development of effective workplace behaviours, performance and crucially encouraging individuals to care about the way they behave and the ramifications of the decisions they make on a day-to-day basis. This, in essence, lies at the core of an effective and positive security culture, a secure and resilient business and a happy and high performing workforce.
Developing an understanding of culture and the approaches we can adopt to elicit positive changes in our security culture provides the basis for our delivery of relational security. This approach to security is however different in that it does not rely upon the direct design and implementation of security solutions, delivered in the form and deployment of people, processes and technology, but rather it is dependent upon the effective adoption of proactive and positive behaviours on the part of every member of a team and organisation. It is about caring for and understanding people. It is this approach to security that clearly emphasises the fact that it is people who are an organisations threat, vulnerability and strength.
Relational security is the knowledge and understanding we have of each other and of our environment, and the translation of that information into appropriate behaviours and choices.
Relational security is not simply about having ‘a good relationship’ with each other. Safe and effective relationships between partners and adopting appropriate behavioural choices both in and outside of the workplace, aligned with organisational and national guidance, rules and regulations, is crucial to protecting people, assets and reputation.
What are we doing?
ERG can provide you with guidance on developing a positive security culture across your workforce and provide training to improve your levels of relational security. We can help you to develop an appropriate blend of physical, information, personnel, procedural and relational security, to best protect your organisation. The balance between these three dynamics often shifts, requiring for you to change your plans to meet the needs of a particular situation. However, it is essential that all three are in place at all times, and one should never substantially compensate for the absence or ineffectiveness of another.
We can help to develop your ability to identify, assess and respond to threats.
SEE : THINK : ACT
We all function better when we understand the rules. Everyone needs to understand what the appropriate processes and boundaries are and why they are so important.
Now you know what the processes and non-negotiable boundaries are, do you think you, or someone else, might have stepped over the line? If so, you need to take action and stop it now. Think about what you can do now to report it, respond and get things back on track.
You can improve relational security by
• Being clear about what the rules are
• Staying alert to your environment and how your partners are behaving and interacting with one another
• Speaking to someone about your concerns
• Being prepared and knowing how to act
Get in touch with us to discuss your needs.