A third of employees don't understand the importance of cybersecurity
One in three employees doesn't understand the importance of cybersecurity at work, according to new research from email security company Tessian.
In addition, only 39 percent of employees say they're very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams. When asked why, 42 percent of employees say they wouldn't know if they had caused an incident in the first place, and 25 percent say they don't care enough about cybersecurity to mention it.
By contrast, 99 percent of security leaders surveyed agree that a strong security culture is important in maintaining a strong security posture. Yet despite rating their organization's security eight out of 10 on average, three-quarters of organizations experienced a security incident in the last 12 months.
Although 48 percent of security leaders say training is one of the most important influences on building a positive security posture, the reality is that employees aren't engaged. Just 28 percent of UK and US workers say security awareness training is engaging and only 36 percent say they're paying full attention.
"Everyone in an organization needs to understand how their work helps keep their coworkers and company secure," says Kim Burton, head of trust and compliance at Tessian. "To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work. It is the security teams' responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people's everyday workflows. Secure practices should be seen as part of productivity. When people can trust security teams have their best interest at heart, they can create true partnerships that strengthen security culture."
There's a clear generational divide in the findings too: 54 percent of respondents aged 55+ care about cybersecurity at work 'a great deal' compared to just 15 percent of 18-24 year-olds. That explains why older employees are four times more likely to have a clear understanding of their company's cybersecurity policies compared to their younger counterparts, and are five times more likely to follow those policies.
Younger employees are the least likely to see anything wrong with unsafe practices like re-using passwords, taking company data, leaving work devices unattended, or opening email attachments from unknown sources.
You can find out more on the Tessian blog.