WYSE Travel Confederation | wysetc.org
Creating a culture of security: your role as a leader
WYSE News | July 28, 2025

Because security starts at the top – and spreads from there.

You’ve now seen the tools, the threats, the processes. But there’s one more piece of the puzzle: people.

No matter how good your firewalls or policies are, if your team sees security as “IT’s problem,” you’ve already lost. A secure organisation starts with culture – and culture starts with leadership.

Let’s talk about how to make security part of your organisation’s DNA – without turning your office into a bunker.

What does a “Culture of Security” look like

It’s not about paranoia. It’s about awareness, responsibility, and good habits. In a security-minded culture:

  • Staff think before clicking on a suspicious email.
  • People speak up when something looks off.
  • Updates get installed. Backups get tested.
  • Vendors get vetted.
  • Leaders take security seriously – and say so out loud.

The warning signs of a poor security culture

  • “Oh, I thought IT handled that.”
  • “It’s just a small risk.”
  • “We’ve always done it this way.”
  • “It was easier to just send it over WhatsApp.”

These aren’t technical problems. They’re cultural ones.

How to build a security-minded culture

  1. Talk about security often – and clearly
    Make it a leadership topic, not just an IT one. Add it to team meetings, strategy sessions, and onboarding.
  2. Make training regular (and non-boring)
    Don’t just do a once-a-year compliance video. Make it interactive, real-world, and relevant to your team.
  3. Reward safe behaviour
    Celebrate the person who reported a phishing email – not just the one who closed a sale.
  4. Encourage people to speak up
    Make it safe to say “I made a mistake” or “This looks suspicious.” Punishing honest errors only makes people hide them.
  5. Lead by example
    Use strong passwords. Enable MFA. Follow your own policies. People notice – and copy – what leaders do.

Leadership’s role

You don’t need to be the one configuring systems – but your tone and attention make the biggest difference.

If you treat security as important, others will. If you ignore it or shortcut it, your team will follow suit.
Security culture is built in everyday choices, conversations, and decisions.

In short…

Technology matters. Processes matter. But if you want real, lasting protection, culture is everything.

Lead the way. Ask questions. Support the team. And remind everyone: security isn’t about being paranoid – it’s about being prepared.

We are pleased to offer WYSE Travel Confederation members these options to increase your cybersecurity and protect your organisation’s data.

UNWTO - UN Tourism - WYSE Travel Confederation affilation

Contact

Subscribe to our newsletter

+31 20 421 28 00

About
Sector Panels
Events
News

Advocacy
Research
Terms and conditions
Privacy policy

UNWTO - UN Tourism - WYSE Travel Confederation affilation UNESCO - WYSE Travel Confederation

Contact

Subscribe to our newsletter

+31 20 421 28 00

About
Sector Panels
Advocacy
Research
Terms and conditions
Privacy policy