1 in 3 employees don’t understand why cybersecurity is important

2022-07-28 03:00

What's more, only 39% of employees say they're very likely to report a security incident, making investigation and remediation even more challenging and time-consuming for security teams.

Virtually all IT and security leaders agreed that a strong security culture is important in maintaining a strong security posture.

The report suggests this could stem from a reliance on traditional training programs; 48% of security leaders say training is one the most important influences on building a positive security posture.

The reality is that employees aren't engaged; just 28% of UK and US workers say security awareness training is engaging and only 36% say they're paying full attention.

Eighty percent of security leaders believe robust feedback loops are in place to report incidents, but less than half of employees feel the same, suggesting clearer processes are needed so that security teams have greater visibility of risk in their organization.

"To get people better engaged with the security needs of the business, education should be specific and actionable to an individual's work. It is the security teams' responsibility to create a culture of empathy and care, and they should back up their education with tools and procedures that make secure practices easy to integrate into people's everyday workflows. Secure practices should be seen as part of productivity. When people can trust security teams have their best interest at heart, they can create true partnerships that strengthen security culture."

News URL

https://www.helpnetsecurity.com/2022/07/28/employees-dont-understand-why-cybersecurity-is-important/

#cybersecurity