New survey data from security vendor nCipher uncovers why organizations are finding it difficult to engage users to participate willingly in security-minded processes and behaviors.
Getting an organization to change the way it does business isn’t easy. It involves a lot of planning, budget, communication, training, and testing. According to nCipher’s Infosecurity Survey 2019, 29% of security spending involves employee training and 83% of organizations offer some level of cybersecurity training to employees.
And yet, according to the report, 66% of organizations find users unwilling to adapt to more secure processes and behaviors.
So, why are organizations having a tough time?
According to the survey, some of the issues that may be responsible are:
- A lack of skilled resource in-house to conduct training (67%)
- A lack of support from the board and wider C-suite (55%)
- A lack of best practice guidelines to work towards and implement (63%)
Adoption by users is the key to a security culture. And, it seems from the report data, that organizations are merely walking through the paces of security training, rather than making a concerted effort to actually change the culture within the organization – one that involves getting executive buy-in and support, proper planning, leveraging employee security champions, and utilizing new school Security Awareness Training that goes beyond the infrequent breakroom training and ineffective email updates sent out by IT.