A Change Management perspective to implementing a cyber security culture

There has been an increasing prevalence of global cyber attacks. Because of the possible breaches in information
security, it has become pertinent that organisations change organisational and individual cultures to become more secure.
However, there are challenges regarding the implementation of these processes within organisations. Organisations have
become dependent on information systems, which stores large quantities of data and can be considered as one of an
organisation’s greatest assets. Whilst employees are considered as the next important asset, their negligence, whether
intentional or not, and due to their possible lack of knowledge regarding information security, have also become one of the
biggest threats to information security. Employees often fall victim to phishing scams, malware and ransomware attacks.
Whilst many consider the implementation of information security awareness initiatives as a solution to this impending
threat, more often than not organisations utilize presentations to address information security awareness training. This
approach has not been successful as the target audience has difficulty in retaining the knowledge, and this often hinders its
proper implementation. Change management not only involves the change in processes and tools but also focuses on the
techniques used to manage the cultural change within organisations. This paper ‘encodes’ awareness training for
information security and cyber security from a change management approach and provides best practice approaches in
changing an organisation’s culture from an insecure culture to a secure one.