How to Analyze Your Security Culture Results
To analyze your security culture results, you should focus on trends over time rather than a single measurement.
How often should you get new results?
We recommend doing a new measurement every 6 months, or after big changes in your company.
Then you can compare periods, identify categories that consistently score low, and use the insights to guide management discussions and long-term security initiatives.
How to analyze the results
Here’s what to do:
-
Start with the overall score and ask: Is it improving, and does it change in response to initiatives or campaigns?
-
Check the scores by category to see which areas are weakest (for example, accountability, psychological safety, leadership support).
-
Check the employee feedback to identify returning weak spots in your defense and to better understand low or high categories.
-
Use the results to select 1-3 focus areas for improvement, and share the insights in management discussions.
-
Plan to repeat the assessment later, so you can track progress over time.
You can also compare yourself to other organizations by looking at the benchmark data. You can read more about how to work with benchmark here.
What if this is my first measurement?
If this is your first Security Culture assessment, use it as your baseline.
This first round is primarily about understanding where you stand today—not about fixing everything at once.
Every survey after the first helps you understand how your security culture is evolving.