www.darkreading.com 1/23/2026, 5:36:08 PM · via preferred

Healthy Security Cultures Thrive on Risk Reporting

Healthy security cultures are shifting from fear of risk to celebration of identifying and learning from it, with organisations encouraged to raise their hands and speak up without blame. The piece argues that a living risk management programme, driven by continuous threat identification and assessment, helps teams and leaders stay transparent and proactive, reducing mental strain and boosting accountability.

It highlights how risk ownership and reporting structures—such as risk registries and clear channels to security teams—are essential for evidence-based decisions and rapid response when incidents occur. Key voices include Drata CISO Matt Hillary, who recalls how shaming risks can erode influence, and BitSight CEO Stephen Boyer, who describes humility and built-in milestones as stabilising features of a healthy culture.

The article also stresses board and executive involvement to enforce transparency, and discusses the move toward objective cyber risk metrics and monetary and likelihood measures to secure resources for a growing list of cybersecurity issues. Arielle Waldman, Dark Reading, 23 January 2026.


Article by CyberSIXT