Southeast Asia faces cyber threats that are growing in complexity and frequency, fuelled by emerging technologies such as AI. In Singapore alone, over 8 in 10 organizations have encountered a cybersecurity incident within the past 12 months. With organizations working hard to get ahead of the threats, IDC predicts a surge in cybersecurity spending in the region this year.
While cybersecurity spending is set to rise across the region, technology alone isn’t enough. True resilience requires a shift in mindset — where security is embedded into the organization’s DNA and is embraced by every employee.
Start with “Why” and Make It Meaningful
Security initiatives are often met with resistance, not because they’re wrong, but because they’re misunderstood. To bring your workforce along, how you communicate matters just as much as what you’re changing:
- Start with a clear story: People are more open to change when they understand why it’s happening.
- Understand your audience: There’s no one-size-fits-all approach. Take time to learn your employees’ roles, goals, and challenges. The better you understand their world, the better you can explain the story behind security changes in a way that resonates and brings them along on the journey.
- Treat your workforce like customers: Building strong relationships is key to fostering a lasting, security-first culture.
People are the heart of a culture of security
People are at the heart of any cultural shift, especially in security. One effective way to engage and educate the workforce is to involve them early on in the process. At Okta, we pair early engagement with threat-based insights, making risks feel real and relevant to their day-to-day role. This drives deeper investment from employees and helps them co-create a culture of security.
Partnerships are also essential. While it’s easier in a security-focused company, others may need a two-pronged strategy that secures leadership buy-in, and empowers grassroot advocates, like security-conscious engineers or seasoned HR professionals.
And don’t go it alone – create a culture of collaboration with internal teams like Security Awareness and Education to promote secure behaviours, drive awareness, and help every employee level up their security skills.
Measure What Matters and Start Now
Keeping a pulse on the right data will help organizations measure progress, identify where they’re falling behind or what they’re doing well, and make tasks sustainable and repeatable. Having the cold hard facts in numbers, percentages and trends will track how the organization is doing and provide the opportunity to course-correct and improve, if necessary.
Use the metrics you have available and build on them. Often, people can struggle to select the right data points to measure, so take the time to assess the data available and the quality of that data. There is a strong chance other teams will be the custodian of the data you need – so work with them to finesse the data as needed – but get started and don’t wait for perfection – it doesn’t exist.
Security Culture takes time and everyone has a role to play
Creating a lasting security culture takes time. While it’s essential to stay focused on the end goal, teams must recognize that cultural change is a long game that requires persistence, adaptability, and flexibility.
In 2024, Okta launched the Okta Secure Identity Commitment – our long-term strategy to lead the industry in the fight against Identity-based attacks. We knew lasting impact would take more than tools; it would take a culture of security. Our innovative approach to fostering a robust security culture can help any organization make security a shared value, not just a function.
Security can’t live in policies alone. It thrives when every employee actively understands, practices and champions secure behaviors. That’s how organizations move from compliance to commitment.
About the author
Jen Waugh is Senior Director of Security Culture for Okta. She leads the global team responsible for building a world class security culture capability. Jen’s team is focused on the human side of security enablement, leaning into Okta’s Secure identity Commitment. Prior to joining Okta, Jens experience includes security leadership roles in EY and Pepper Money.
