According to a report titled "How Security Cultures Impact Employee Behavior", one in three employees are not aware of the importance of cybersecurity.
Despite the fact that 99% of the security leaders surveyed say that the strength of the security system depends on the culture of attitude towards security, employees of companies still do not pay the necessary attention to cybersecurity issues.
About 75% of organizations have experienced security incidents in the last year. What's more, according to the survey, only 39% of company employees said they would report a security incident. 42% of employees surveyed said that if they had caused an incident, they would not have known about it. At the same time, 25% of company employees reported that they do not pay enough attention to cybersecurity and do not mention it. Such results make it clear that in the event of a security incident, its investigation and correction becomes a complex and time-consuming process for security services.
Despite the fact that 48% of security leaders consider training one of the most important factors in creating a reliable security system, employees are not very interested in it. Just 28% of UK and US workers say safety training is fun, and only 36% say they give it their full attention.
In the results of the study, there is also a large difference in the answers of respondents from different generations. Thus, 54% of respondents who are over 55 take cybersecurity at work very seriously, while only 15% of respondents aged 18 to 24 gave the same answer.
Young professionals are less likely to follow such simple yet very important rules, such as changing passwords regularly, keeping confidential company data safe, opening files received by email from unknown sources, and so on.