
'Huge disconnect' between employer and employee perception of security

09 Jun 2020

There is a ‘huge disconnect’ between IT managers and employees when it comes to the perception of whether an organisation is ‘ticking the security compliance box’, according to a new study from Mimecast and Forrester Consulting.

59% of IT managers in a survey conducted by Forrester say they are doing enough for their organisation’s cybersecurity, yet 53% of employees disagree, and 51% believe their managers do not stress enough the importance of good security practices.

The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision-makers responsible for cyber safety at companies with more than 100 employees. 

It also quizzed 240 knowledge workers from the same companies, who regularly use email and digital channels in the workplace.

The report also found that investment in security awareness and training (SA&T) does not necessarily translate into concrete behaviour change among employees – with half of respondents in New Zealand admitting to flouting security policies despite attending SA&T.

This could potentially be explained by another finding in the Forrester report – that traditional SA&T is ‘long and unengaging’, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.

This leads to static employee behaviour, contributing to the aforementioned disconnect between employee and employer perception of security.

“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cybersecurity training – and the existing outdated modes of training are simply not bringing about behavioural change,” says Mimecast country manager A/NZ Nick Lennon.

“In the current COVID-19 business conditions, with many employees working remotely indefinitely, the last thing businesses need is a security breach.”

The report concludes that APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.

“Almost half of business leadership teams (45%) still have the incorrect perception that security impedes their workforce productivity,” says Forrester Consulting project director Line Larrivaud.

Lennon says the security crises revolving around the pandemic call for cybersecurity to be assigned more significance.

“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage has never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cybersecurity best practice within their organisation,” says Lennon.

“They simply cannot ignore the consequences or circumvent the protocols.”
