Three-Quarters of Employees Feel It’s the Company’s Job to Ensure Security, Despite Three-Quarters Also Personally Experiencing a Cyberattack

Even with employees seeing cyberattacks first-hand and understanding the seriousness of such attacks, organizations have a culture problem where users just don’t care.

I’ve long held the position that the employee needs to play a role in the organization’s cybersecurity stance – something achieved through creating a security culture that starts with Security Awareness Training. New data from security vendor Terranova’s From Data Protection To Cyber Culture report shows that employees don’t have this frame of mind, and a lack of training is to blame.

According to the report, there’s a huge disparity between an employee’s experience with cyberattacks and how they think the problem should be addressed:

  • 76% of employees in France, the UK, Canada, Australia, and the US say a cyberattack has personally targeted them or that they know someone who has
  • 78% say it’s the job of the company’s IT department to ensure the company’s cybersecurity stance
  • Only 20% of employees say they pay attention to cybersecurity despite it not being a part of their job

Part of the problem is that employees themselves don’t have a solid fundamental knowledge of cyberattacks, good cyber hygiene, and security awareness best practices:

  • Only 30% of employees say that their personal cybersecurity knowledge is good
  • Only 10% of employees say that they, their company, and their colleagues have an excellent level of cybersecurity knowledge

Another part of the problem is that only 38% of employees surveyed said that their company has set up a mandatory cybersecurity awareness program for all. This is despite the fact that over three-quarters (79%) state that they are interested in security awareness training, even if their company does not offer it.
