Security Culture

Safety culture has thirty years of validated measurement tools, standardised instruments, and cross-industry benchmarks. Physical security culture has none that meet the same standard.

Organisations assess security posture through audits, incident counts, and compliance checklists — but not through the shared perceptions, behaviours, and organisational conditions that actually determine how people respond to threats.

This research programme, conducted in partnership with Humanitex, is building the tool the sector has never had.

Why this research matters

The most mature framework for measuring organisational safety culture is the NOSACQ-50 — a seven-dimension instrument built on three decades of safety climate research and validated across industries and nations. It measures management commitment, worker empowerment, risk attitudes, communication, trust, and how much confidence people have in the systems around them.

Nothing equivalent exists for physical security.

Security culture shapes behaviour in ways that technology and policy cannot — and cannot be read from an access control log or a CCTV audit.

That gap matters because security culture shapes behaviour in ways that technology and policy cannot. Whether a staff member challenges an unfamiliar person in a secure area, whether they report a suspicious observation, whether they treat a security protocol as meaningful or as friction — these are cultural and perceptual outcomes, not compliance outcomes. They can’t be assessed through an access control log or a CCTV audit.

Without a validated measurement tool, organisations have no reliable way to understand where their security culture is strong, where it breaks down, or how to improve it.

What we’re doing

Core42 and Humanitex are jointly conducting this research — combining Core42’s protective security advisory practice with Humanitex’s organisational psychology expertise. Together, we are adapting the NOSACQ-50 into a Security Climate Scale (SCS) through a structured expert consensus process followed by organisational pilot testing.

The work is structured in two stages.

Stage 1 — Expert consensus

An expert panel drawn from security, compliance, human resources, regulatory bodies, transport, and critical infrastructure reviews proposed adaptations to each NOSACQ-50 dimension. The panel reaches consensus on which items translate, which require domain-specific reconstruction, and what security-specific constructs are missing entirely.

Stage 2 — Psychometric validation

The adapted scale is tested across a range of organisations to establish psychometric validity — factor structure, internal consistency, and predictive relationships with actual security behaviours.

The Security Climate Scale

The Security Climate Scale (SCS) gives security leaders what safety leaders have had for a generation: a validated instrument for measuring the cultural conditions that determine how people actually respond to threats. The outputs will be designed to inform governance conversations at board and executive level, identify where security culture is maturing and where it is under-supported, and connect cultural measurement to the operational security outcomes that senior leaders are responsible for.

When the scale is ready for organisational use, it will be made available through Core42 and Humanitex alongside the underlying research that supports it.

Publication

Findings from the expert consensus stage and the pilot validation will be prepared for peer-reviewed publication and shared through this page as the research progresses. Register your interest to be notified when outputs are available or when the scale opens for pilot participation.