1 in 3 employees don’t understand the importance of cybersecurity

-

Nearly one in three (30%) employees do not think they personally play a role in maintaining their company’s cybersecurity posture, according to new research from email security company Tessian.

Also, only 39 percent of employees say they are very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams.

When asked why, over two-fifths (42%) of employees said they would not know if they had caused an incident in the first place, and 25 percent say they just do not care enough about cybersecurity to mention it.

“Everyone in an organization needs to understand how their work helps keep their coworkers and company secure,” said Kim Burton, Head of Trust and Compliance at Tessian.

Get our essential weekday HR news and updates.

This field is for validation purposes and should be left unchanged.
Keep up with the latest in HR...
This field is hidden when viewing the form
This field is hidden when viewing the form
Optin_date
This field is hidden when viewing the form

 

 

A security culture is important

Virtually all IT and security leaders surveyed by Tessian (99%) agreed that a strong security culture is important in maintaining a strong security posture.

Yet, despite rating their organization’s security eight out of 10, on average, three-quarters of organizations experienced a security incident in the last 12 months.

The report suggests this could stem from a reliance on traditional training programs; 48 percent of security leaders say training is one the most important influences on building a positive security posture.

But the reality is that employees aren’t engaged; just 28 percent of UK and US workers say security awareness training is engaging and only 36 percent say they are paying full attention.

Of those who are, only half say it is helpful, while another 50 percent have had a negative experience with a phishing simulation.

With recent headlines depicting how phishing simulations can go awry, negative experiences like these further alienate employees and decrease engagement.

  

Employees do not report security risks

The report also reveals a disconnect when it comes to reporting security risks.

A staggering 80 percent of security leaders believe robust feedback loops are in place to report incidents.

However, less than half of employees feel the same, suggesting clearer processes are needed so that security teams have greater visibility of risk in their organization.

 

Cybersecurity culture perceptions

The report also revealed generational differences when it comes to cybersecurity culture perceptions.

The youngest generation (18- 24 year olds) is almost three times as likely to say they have had a negative experience with phishing simulations when compared to the oldest generation (55+).

In contrast, older employees are four times more likely to have a clear understanding of their company’s cybersecurity policies compared to their younger colleagues, and are five times more likely to follow those policies.

When it comes to risky cybersecurity practices such as reusing passwords, taking company data and opening attachments from unknown sources, younger employees are the least likely to see anything wrong with these practices.

“To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work. It is the security teams’ responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows. Secure practices should be seen as part of productivity. When people can trust security teams have their best interest at heart, they can create true partnerships that strengthen security culture,” says Burton.

Amelia Brand is the Editor for HRreview, and host of the HR in Review podcast series. With a Master’s degree in Legal and Political Theory, her particular interests within HR include employment law, DE&I, and wellbeing within the workplace. Prior to working with HRreview, Amelia was Sub-Editor of a magazine, and Editor of the Environmental Justice Project at University College London, writing and overseeing articles into UCL’s weekly newsletter. Her previous academic work has focused on philosophy, politics and law, with a special focus on how artificial intelligence will feature in the future.

Latest news

Superdry co-founder’s victim warns workplace power can silence abuse victims

A survivor's account raises questions about speaking-up cultures and accountability in organisations.

UK’s always-on work culture ‘driving employee burnout’

Nearly half of UK workers say they end most working days mentally exhausted as rising workplace pressure leaves employees and managers struggling to switch off.

Andrew Murray on why no two days look alike

A people development leader shares how travel, training and a passion for helping others shape a working day with little room for routine.

Lucy Standing: Older workers are back in the centre of the hiring debate – ready to lead the response?

For HR leaders, the argument is simple: the people being filtered out of your hiring process are not past their best.
- Advertisement -

One in 10 women quit work after pregnancy loss, report finds

Research suggests inconsistent workplace support following pregnancy loss and maternity leave is contributing to resignations and poorer mental wellbeing.

Fear of becoming obsolete grips workers as AI reshapes careers

More than two in five workers worry their skills could become outdated as AI reshapes hiring demands and increases pressure to keep learning.

Must read

Workplace Disputes – a duty to mediate?

Between 2004 and 2009, employers and employees had to...

Ensuring the future health of organisations throught real leadership

Good economic climates hide many flaws in organisations, and...
- Advertisement -

You might also likeRELATED
Recommended to you