New research by email security firm Tessian highlights a worrying disconnect between employees and security leaders in relation to workplace cybersecurity.
A survey of 2,000 UK and US employees found a significant proportion of workers do not feel engaged in their organisations’ cybersecurity efforts. For instance, three out of ten said they did not personally play a role in maintaining their firm’s cybersecurity posture, while a fifth said they did not care about cybersecurity at work. Additionally, only four in ten employees were very likely to report a security incident, a finding which makes investigation and remediation a more challenging task for security teams.
In contrast, virtually all 500 security leaders surveyed agreed that a strong security culture is important in maintaining a strong security posture. However, despite respondents awarding their firms an average security rating of 8 out of 10, three-quarters admitted their company had experienced a security incident in the last 12 months.
The researchers concluded that firms need to ensure employees are better engaged with their organisation’s security needs. This can be achieved through targeted security awareness training that is specific to an individual’s work and actionable within it, and through the development of clear procedures that make secure practices easy to integrate into people’s workflows.