Lack of awareness is the biggest security failing or cause of a data breach within organisations.
Employees feel this is having a significant impact on security posture, with 43 percent stating their organisation is ‘not at all prepared’ for a security breach.
Almost a third (30.9 percent), however, do think their company is very well prepared, and a further 26.1 percent moderately well prepared.
Security vulnerabilities were cited by almost a quarter (23.3 percent) of respondents as the biggest security failing or cause of breach within their company, followed by lack of control over third parties (17.1 percent). Lack of senior involvement in cybersecurity isn’t considered a major issue, with only 9.7 percent believing it is their organisation’s most serious cybersecurity problem.
You might also like
Employees’ lack of engagement
On the whole, employees are willing to play their part in protecting company data, though a third (34.4 percent) believe they should not be held solely accountable if a breach occurred. One in five feel it would be ‘unfair’ to be held accountable, with more than a quarter saying they ‘wouldn’t care’ if they were held accountable. This suggests a lack of engagement or, again, awareness of what their responsibilities should be around protecting data and the true impact of failing to do so.
When asked about securing company data from attacks while working remotely, 38.6 percent of respondents find securing their devices is the biggest challenge they face. Reducing pressure on staff is the greatest challenge for 22.9 percent, followed by securing the environment (19.8 percent). Almost one in five (18.6 percent) haven’t noticed any change in terms of security challenges since they started remote working.
Nicole Mills, exhibition director at Infosecurity Group, says the poll suggests there’s some progress still to be made on empowering individuals and organisations to play an active role in enhancing cybersecurity, with lack of cybersecurity awareness highlighted as a major problem.
“Nor do most employees have faith that their organisation is well prepared for a breach,” she said. “There’s clearly as much work to do in the culture space as the technology space when it comes to empowering and equipping people to ‘do their part’ – particularly around education to build cybersecurity awareness, knowledge and skills.”