
In the world of cybersecurity, incidents aren’t just likely—they’re inevitable. Human error, process flaws, technical vulnerabilities… sooner or later, something goes wrong. But what distinguishes a resilient organization from a vulnerable one is how it responds.
Punishing those who make mistakes does not help prevent the next one. A paradigm shift is needed. Just Culture is needed.
Just Culture originated in high-risk contexts such as aviation and healthcare. The underlying idea is simple: to encourage people to report problems without fear of automatic punishment.
It is a culture of accountability that distinguishes between honest mistakes and irresponsible behavior without necessarily seeking scapegoats.
The goal? To foster transparency, learning, and prevention. Instead of asking “who was at fault?”, we start with “what went wrong?” to strengthen the system.
In the context of cybersecurity, this approach is still not widely adopted. Yet, it is essential for building an organization capable of learning from incidents, reducing human error, and proactively addressing threats.
Friday evening. Marco, a system administrator, receives a critical alert from the SOC about a vulnerability. He decides to wait until Monday. Overnight, an attack compromises the entire DMZ. The next day, Marco is accused of negligence.
But is it really all his fault?
A deeper analysis reveals systemic causes:
- No defined escalation procedure
- Poor communication between the SOC and IT
- A weak security culture
- Marco was alone and overworked
- Lack of a clear emergency procedure
Marco made a mistake, yes. But he was not in a position to make the right choice. The error was merely the visible effect of broader systemic issues.

Just Culture teaches that human error is never solely personal, but rather stems from latent conditions for error embedded within procedures, technologies, and corporate culture. Blaming someone without analyzing the context means missing an opportunity to learn and improve.
Here is what changes when you adopt this approach:
1. More trust, more reporting
In an environment where reporting an error does not lead to automatic penalties, people feel safe reporting vulnerabilities and near-misses. This provides valuable data to prevent future problems.
2. Systemic analysis, not individual blame
With Just Culture, the focus is on identifying root causes: deficiencies in processes, technologies, communication, or resources. This is the only way to reduce the likelihood of recurrence.
3. Continuous learning
Every incident is an opportunity to improve. With a constructive approach, procedures are updated, training is strengthened, and the organization as a whole becomes stronger.
4. Security is a shared responsibility
Cybersecurity is not the responsibility of IT or the SOC alone. Everyone—developers, managers, HR—must be involved. Security is the result of shared responsibility.
5. Less room for human error
Automating critical processes, creating checklists, and simplifying tools—all of this reduces the burden of individual decision-making and prevents errors before they occur.
Deda Tech has transformed Just Culture into a concrete service: Red Button, an intervention and coordination model that goes beyond the technical response.
Red Button does not merely resolve attacks: it analyzes, learns, and helps organizations evolve.
It does not seek culprits, but solutions. It does not just put out fires: it builds prevention.
A profound change is needed: cybersecurity is not just technical—it is also cultural.
Only by building trust, shared responsibility, and the capacity for continuous learning can organizations address complex and unpredictable threats.
Deda Tech promotes a model in which collaboration, transparency, and resilience become the key tools for the future of cybersecurity.