Conclusion: There are two compelling information security reasons for creating a sense of purpose and ownership within an organisation. The first is that a sense of purpose and ownership will empower staff so that they move from responding to basic security hygiene matters, towards pre-empting issues. The second reason is so that organisations look out beyond themselves and work towards a more resilient ecosystem.
This level of resilience maturity is vital and will be driven by leadership and a continuing commitment to talent development. Astute security leaders will use cultural indicators such as engagement and sense of purpose and ownership, as a guide to the ability of the organisation to withstand security incidents.