Employees don’t think cyber security is important – here’s how to change it

Report shows a third of employees don’t think cyber security is important

A recent report from US-based Tessian uncovered that, whilst 99% of IT and security leaders were in agreement that strong security is important, just 30% of employees do not think they personally play a role in maintaining their organisation’s cyber security. This creates a huge disconnect between what IT leaders are trying to achieve and what the rest of the business is actually doing to support that.

The wrong perception 

As a general rule, employees focus on what they perceive their role to be, and for many that means not seeing beyond the confines of their daily responsibilities. If you work in Marketing, why would you think cyber security is anything to do with you? It’s the IT department’s problem, right?

Well, YES and no. It’s certainly the responsibility of IT leaders and departments to ensure cyber security is in place and working as it should, but it’s also the responsibility of everyone to ensure it’s adhered to and that processes are followed. It’s no different to everyone taking responsibility for ensuring there is no one on site who shouldn’t be, or making sure the door is locked at the end of the day. But when it comes to cyber security the perception is clearly different – and that’s a problem.

What can be done? 

Cyber security needs to become part of everyday business and part of regular communication – not just limited to an agenda item for IT teams or a training session which gets wheeled out once a year. To be successful it must become part of organisational culture, and that means talking about it a whole lot more and introducing ways for employees to engage regularly with the concept, including:

  • Sharing security updates so that employees understand the impact of changes
  • Communicating about security breaches in the press and how the organisation works to avoid the same thing happening
  • Regular cyber security training which is personalised and suited to each department and its individual needs
  • Cyber security training as standard as part of onboarding
  • Making reporting procedures clear and reminding employees of these regularly
  • Including cyber security as part of regular organisational communications – making the work that is done to keep data and employees safe a reality.

By making cyber security part of ‘what the business does’ rather than just what the IT team does, it becomes second nature to employees and, as a result, will encourage more responsible behaviours and work to close the disconnect between what IT leaders are trying to achieve and what employees actually do.

Need help communicating about cyber security to your teams? We can help – get in touch!