
'Huge disconnect' between employer and employee perception of security

09 Jun 2020

There is a ‘huge disconnect’ between IT managers and employees when it comes to the perception of whether an organisation is ‘ticking the security compliance box’, according to a new study from Mimecast and Forrester Consulting.

59% of IT managers in a survey conducted by Forrester say they are doing enough for their organisation’s cybersecurity, yet 53% of employees disagree, and 51% believe their managers do not sufficiently stress the importance of good security practices.

The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision-makers responsible for cyber safety at companies with more than 100 employees. 

It also quizzed 240 knowledge workers from the same companies, who regularly use email and digital channels in the workplace.

The report also found that investment in security awareness and training (SA&T) does not necessarily translate into concrete behaviour change among employees – with half of respondents in New Zealand admitting to flouting security policies despite attending SA&T.

This could potentially be explained by another finding in the Forrester report – that traditional SA&T is ‘long and unengaging’, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.

This leads to static employee behaviour, contributing to the aforementioned disconnect between employee and employer perception of security.

“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cybersecurity training – and the existing outdated modes of training are simply not bringing about behavioural change,” says Mimecast country manager A/NZ Nick Lennon.

“In the current COVID-19 business conditions, with many employees working remotely indefinitely, the last thing businesses need is a security breach.”

The report concludes that APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.

“Almost half of business leadership teams (45%) still have the incorrect perception that security impedes their workforce productivity,” says Forrester Consulting project director Line Larrivaud.

Lennon says the security crises revolving around the pandemic call for cybersecurity to be assigned more significance.

“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage have never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cybersecurity best practice within their organisation,” says Lennon.

“They simply cannot ignore the consequences or circumvent the protocols.”
