Cybersecurity, ransomware and data breaches are among the terms most businesses speak about the past few years. It’s a result of a few other key buzzwords that have shaken up the workplace since 2020 – hybrid, remote, virtual, digital transformation, just to name a few. Business leaders, for the most part, do invest in the technologies needed to protect their business against attacks, but there is one element that plays a big role in potential data breaches – employees. Human error happens, and with a continued increase in attempts, the odds are staked against businesses. Someone is likely to make a mistake.
Here’s an important question: Are employees showing enough concern toward cyber threats?
The answer, quite simply, is no, they do not. In fact, a little more than a third of employees express little to no concern about data theft at work, and 20% believe they cannot be targeted at all by cyber criminals, according to a Terranova Security’s survey “From Data Protection to Cyber Culture.”
U.S. employees simply are not aware that they play a factor in cyber defenses because they still believe the IT department is responsible in protecting company data. This mindset comes down to the fact that U.S. businesses fail to provide employees with enough education on common cyber threats and security best practices. Only 41% of surveyed employees say they work in a company where cybersecurity awareness training is mandatory.
"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," said Theo Zafirakos, chief information security officer, Terranova Security. "It's clear that security awareness training fell by the wayside for many American businesses, even though cybercrime is rising, and that's a concern.”
The concern is that 43% of employees do not participate in any cybersecurity training at all, and nearly a third indicated that their company does not offer any relevant training. These are worrying training rates, for sure.
But, here is the kicker. These low training rates aren't due to a lack of interest from employees. More than three-fourths of employees find cybersecurity training interesting. The low training rates come from the fact that businesses do not make cybersecurity training mandatory.
In an age where cybersecurity is a concern for most businesses, one would think cybersecurity training would be and at the top of the onboarding and education list. Employees are the first line of defense against cyberattacks. Education, training and a data security culture are the ways to, as Zafirakos said, set up a strong barrier against cyber threats.
Edited by Erik Linask