Security culture is that “social” operating system that guides and guides employees to integrate security awareness and behaviors into their daily lives. When a significant incident happens, the focus in a toxic environment immediately goes to whos to blame. The average tenure of a CISO is less than three years, according to a 2019 survey of 408 CISOs by Nominet. Industry leaders offer five tell-tale signs that your security culture is toxic, and how to get the security culture you want.”]