This article examines the levels of security acceptance that can exist amongst employees within an organisation, and how these levels relate to three recognised levels of corporate culture. It then proceeds to identify several factors that could be relevant to the development of culture, from traditional awareness-raising techniques through to context-aware promotion of security.