The Importance of Cybersecurity Baffles 1 in 3 Employees

According to one in three employees, as highlighted in a new piece of research, they are not personally responsible for maintaining the cybersecurity of the company they work for. Plus, only close to 40% of employees said they would report a security incident, with many employees suggesting that they wouldn’t. This is largely due to two fifths of employees not knowing if they were the cause for the security incident, and a quarter of employees not caring enough about cybersecurity enough to tell anyone about a problem. This makes it harder for security experts to investigate and solve security problems.

The Importance of Security Culture

Almost all IT and security leaders agree that a strong security culture is important in a workplace, and that it plays a part in maintaining a strong security posture. However, three quarters of organisations experienced some sort of security incident in the past year, despite many of them rating their security efforts as an eight out of ten. This could be due to an obvious reliance on traditional training programs, with almost half of security leaders saying that training is one of the main things to impact whether or not a company has a positive security posture.

However, there seems to be a problem with employees engaging with cybersecurity training. Only 28% of UK and US workers claim that security awareness training is engaging, and only 36% say they pay full attention to security training programs. Out of the employees who have had training, only half found it helpful.

Security Risks Aren’t Reported

There is a problem with employees not reporting security risks, with half of them feeling as though clearer reporting processes are needed. However, 80% of security leaders feel as though there are clear processes in place for employees to give reports and feedback. This suggests a disconnect and that clearer processes are needed, and that employees aren’t fully aware of the risk a security incident brings to a company.

Generational Differences Between Online Cybersecurity Perceptions

It has been revealed that there are clear generational differences between the way various age groups perceive cybersecurity culture. Those aged between 18 and 24 are much more likely to say that they have had a negative experience with phishing online, compared to those aged 55 and up. However, older employees are more likely to understand the cybersecurity policies of their workplace. They are more likely to adhere to the policies.

When it comes to risky cybersecurity practices such as reusing passwords, taking company data and opening attachments from unknown sources, younger employees are the least likely to see anything wrong with these practices. Younger employees are least likely to see danger or risky cybersecurity practices, such as reusing passwords and opening attachments from someone they don’t know.