Employees don’t think cyber security is important – here’s how to change it

Report shows a third of employees don’t think cyber security is important

A recent report from US-based Tessian uncovered that whilst 99% of IT and security leaders were in agreement that a strong security is important, just 30% of employees do not think they personally play a role in maintaining their organisation’s cyber security creating a huge disconnect between what IT leaders are trying to achieve and what the rest of the business is actually doing to support that.

The wrong perception 

As a general rule employees focus on what they perceive their role to be and for many that means not seeing beyond the confines of their daily responsibilities, if you work in Marketing why would you think cyber security is anything to do with you? IT department’s problem right?

Well YES and no. It’s certainly the responsibility of IT leaders and departments to ensure cyber security is in place and working as it should, but it’s also the responsibility of everyone to ensure it’s adhered to and that processes are followed, it’s no different to everyone taking responsibility for ensuring there is no one on site who shouldn’t be or making sure the door is locked at the end of the day but when it comes to cyber security the perception is clearly different – and that’s a problem.

What can be done? 

Cyber security needs to become part of everyday business and part of regular communication – not just limited to an agenda item for IT teams or a training session which gets wheeled out once a year.  To be successful it must become part of organisational culture and that means talking about a whole lot more and introducing ways for employees to engage regularly with the concept including:

  • Sharing security updates so that employees understand the impact of changes
  • Communicating about security breaches in the press and how the organisation works to avoid the same thing happening
  • Regular cyber security training which is personalised and suited to each department and its individual needs
  • Cyber security training as standard as part of onboarding
  • Making reporting procedures clear and reminding employees of these regularly
  • Including cyber security as part of regular organisational communications – made the work that is done to keep data and employees safe a reality.

By making cyber security part of ‘ what the business does’ rather than just what the IT team does it becomes second nature to employees and as a result, will encourage more responsible behaviours and work to close the disconnect between what IT leaders are trying to achieve and what employees actually do.

Need help communicating about cyber security to your teams? we can help – get in touch! 

 

More News

Finding my balance - The Yobah Way

Work-life balance are 3 words that have been bandied around for a long time. I always thought I understood them and I believed I had a good balance. Since joining Yobah 5 months ago, I’ve realised I really didn’t. Working 50 hours a week, and cramming as much ‘life’ into the remaining day and a […]

Read More 

This month in Reboot - July 2022

It’s time for another edition of Reboot and if you missed our newsletter, never fear it’s all here! Yobah Life: Finding My Balance The Yobah Way Work-life balance are 3 words that have been bandied around for a long time. I always thought I understood them and I believed I had a good balance. Since […]

Read More 

The one with all the acronyms: My First 90 days in Cyber Security, CSP and the IT Sector

It is now over 3 months since I joined Yobah as the first full-time member of the business development team. Whilst the realm of Business Development was not new to me, the cloud world very much was. The last 15 weeks have been an exceptionally steep learning curve, to say the least. Firstly, it is […]

Read More