One in three employees do not understand the importance of cybersecurity at work, and only 39% of employees say they are very likely to report a security incident, according to Tessian

A third of employees don’t understand the importance of cybersecurity, and only 39% of employees say they are very likely to report a security incident, making investigation and remediation even more difficult and time-consuming for security teams.

When asked why, 42% of employees say they wouldn’t know if they caused an incident and 25% say they don’t care enough about cybersecurity to talk about it.

In contrast, 99% of security managers surveyed agree that a strong security culture is important to maintaining a strong security posture. Yet despite rating their organization’s security an 8 out of 10, on average, three-quarters of organizations have experienced a security incident in the past 12 months.

Although 48% of security managers say training is one of the most important factors in establishing a positive security posture, the reality is that employees are not engaged. Only 28% of UK and US workers say security training is interesting and only 36% say they pay attention to it.

“Every member of an organization must understand how their job contributes to keeping their colleagues and the company safe,” explains Kim Burton, head of trust and compliance at Tessian. “For people to become more engaged with company safety needs, education must be specific and applicable to an individual’s job. Security teams have a responsibility to create a culture of empathy and care, and they must back up their training with tools and procedures that make it easy to embed secure practices into people’s daily workflows. Safe practices should be considered part of productivity. When people can trust that security teams have their best interests at heart, they can create real partnerships that reinforce the culture of security.”

The results also reveal a clear split between generations: 54% of respondents aged over 55 care “a lot” about cybersecurity at work, compared to only 15% of 18-24 year olds. This explains why older employees are four times more likely to fully understand their company’s cybersecurity policies than their younger counterparts, and are five times more likely to follow those policies.

Younger employees are the least likely to see anything wrong with unsafe practices like reusing passwords, stealing company data, leaving work devices unattended, or opening email attachments from unknown sources.

Source: Tessian

And you?

Do you find this study relevant?
Is cybersecurity training and awareness training of interest to employees in your organization?
What about the carelessness of young employees? Do you also encounter this problem in your company?
