A new survey by the email security company Tessian suggests a concerning number of employees are not engaged in their company’s ‘boring’ cybersecurity endeavours.
The study comes as it emerged three quarters of UK and US companies have experienced a security incident in the last 12 months.
The How Security Cultures Impact Employee Behaviour report questioned 2,000 UK and 2,000 US employees as well as 500 IT decision-makers.
Figures revealed 85% of staffers participate in security awareness programmes but a huge 64% do not pay attention and a further 36% said such training sessions are ‘boring’.
And while 30% do not believe they have a part to play in their company’s cybersecurity, many employees do not understand their role in keeping their company secure. Plus, 45% do not even know who they would report security incidents to.
Tessian said that 99% of IT and security leaders they surveyed agreed a strong security culture is important although 45% of IT leaders said incidents of data ‘exfiltration’ have increased in 2021.
This happened as people took data when they left their jobs.
This is concerning as a third of all staffers confessed they took data with them when they left.
Tessians’s report uncovered other trends – including the fact that older employees are four times more likely to have a clear understanding of their company’s cybersecurity policies compared to younger colleagues.
And they are five times more likely to follow those policies.
Practices such as reusing passwords, taking company data or opening attachments from unknown sources, are not seen as risky by younger staffers.
Kim Burton, Head of Trust and Compliance at Tessian, said: “Everyone in an organisation needs to understand how their work helps keep their coworkers and company secure.”
“To get people better engaged with the security needs of the business, education should be specific and actionable to an individual’s work.”
“It is the security team’s responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people’s everyday workflows.
“Secure practices should be seen as part of productivity. When people can trust security teams have their best interest at heart, they can create true partnerships that strengthen security culture.”