Security as a company culture

Nearly half of all companies cite a lack of training and an “upsupportive company culture” around security according to the ISC2 security organization. (see article)

The survey was of 700 security professional
46 percent say employees have a “weak understanding” of security policy.
48 percent say there is a lack of training and an overall unsupportive company culture as it pertains to security.

Training is handled a few different ways today:
56 percent offer training or information online
35 percent use employee newsletters
25 percent do in person training

63 percent track whether their security policies are being followed.
60% take action on employees who break policies