Back to insights

Interviews

Boards must drive an organisation’s culture

by Stephen Conmy

It has often been said that boards must drive an organisation’s culture. Is this true? According to NED and cyber psychologist the simple answer is yes, and here’s why.

Carol Brooks is a business and cyber psychologist interested in cyber investigations and how boards create a total cybersecurity culture. Carol has years’ experience in the public and academic sectors at the board level, working with directors and senior teams and has been a non-executive director with the NHS.

Carol also provides consultancy, training, and development within law enforcement, including counter-terrorism and serious and organised crime at local and national levels.

Carol is a member of the British Psychological Society and the Association for Business Psychology and is the MD of Platinum 3p.

Key takeaways – boards and culture

If you think about culture, you think of it as the feeling of an organisation – it’s the way we do things around here, it’s how people feel about the organisation.
Culture is also about what we hear, what we see, how people behave, how the organisation is designed.
Cyber culture involves more than just the tech side, it has to be broader, and organisations need a more comprehensive, more holistic view.
The total approach to cybersecurity culture is about the people and the human side of the business, it’s about ensuring everyone is on the same page.
Behaviour drives culture. How do people make decisions, what actions do people take? These are indicators of an organisation’s culture.
Boards and senior leadership teams have to drive culture. If cybersecurity, for example, isn’t discussed as a priority at the top level, then a good culture isn’t manifested.
Culture is like a melting pot of organisational factors that make an impact. Behaviours are the outputs.
Good culture emerges from the top of an organisation. Are issues like cybersecurity talked about in a good way or in a bad way? Is there a non-executive who is the champion for cyber culture?
There is an expectation that senior leaders embrace good practice and good cybersecurity culture. If they don’t, bad things will happen.
Senior leaders need to be tuned in to threats. They need to understand what could happen.
When disaster strikes, it usually has to do with poor decisions made at the board level.

Meet our guest

Carol Brooks

Managing Director at Platinum 3p

Rapidly acquire the skills and knowledge you need to lead.

Diploma in Corporate Governance

Diploma in Environmental, Social and Governance (ESG)

Overview of ESG

Company Secretary

Best practice in ESG reporting

The importance of governance in ESG

The director's challenge

Learn and connect with the best in a global community where good governance matters. Become a member today and access:

Webinars

Key Terms Hub

Latest Insights

The Masterclass

Exclusive Preview Premium

Attend online and in-person events to get the practical skills and insights you need to make an impact as a leader.

Webinars

Masterclasses

Information sessions

Webinars

Insightful and thought-provoking content to help you become a great board director.

eBooks

Case studies

Guides

Interviews

Lexicon

News analysis

Member spotlight

Take the director's challenge

Featured eBook

Join the largest global educator of university credit-rated and qualified directors in corporate governance.

Training provider partnership

University partnership

The global leader in corporate governance education.

About us

Faculty

Council

Careers New opportunities

Contact us

Media

Boards must drive an organisation’s culture

Key takeaways – boards and culture

Meet our guest

Currently trending

Related Posts

Are AGMs fit for purpose?

Staying ahead in governance

What is compliance?

Title