Nagan Research Group LLC

Managing Cyber Culture

In order to do this you need to understand that culture matters, culture can be measured, and that culture can be managed.

· That culture matters is best explained by considering several examples. A widely agreed-upon reason for Toyota’s product recalls, with all the attendant fallout, is that Toyota changed its culture from one with a quality focus to one of financial cost control. There are numerous examples of corporate cultures that became fixated upon a single vision and did not change as circumstances changed. Think of Polaroid and DEC.

· Culture can be measured once you realize that it is composed of a number of attributes (such as whether the organization's perspective is strategic or tactical, whether it views itself as evolving or more static, how individuals are recognized, and whether the focus is more on achievement or on adhering to a process). Each attribute has a range of measurable qualities that allow absolute and comparative metrics, which can be used to create a culture profile.

· Culture can then be managed because what you measure you can change, and what you measure you can manage. The measures can be used to compare profiles across the company, watch profiles change over time, determine a desired profile, and develop plans to achieve it.


The relevance of being able to measure and manage culture can be summarized as follows:

· An organization's culture is critical in maximizing the organization’s effectiveness

· Conflicting cultures within an organization can stifle the best of plans

· A dysfunctional culture, one that is not aligned with the organization's goals and objectives, will keep an organization from realizing its potential

If you are having difficulties managing the cyber exposures in your organization and would like to determine if culture might be the cause, drop us an email at with the subject culture management.



© 2015 All rights reserved Nagan Research Group LLC

© 2016 All rights reserved Nagan Research Group LLC

For an organization to effectively manage its cyber exposures, it must understand and work with the culture of the organization. This means it must become part of the specific values, beliefs and objectives of the organization and be communicated throughout the organization.

“When I started at IBM I thought culture was important; when I finished I realized that it was the only thing that was important.”

Lou Gerstner, from Who Says Elephants Can’t Dance?