sb-au logo
Story image

'Huge disconnect' between employer and employee perception of security

09 Jun 2020

There is a ‘huge disconnect’ between IT managers and employees when it comes to the perception of whether an organisation is ‘ticking the security compliance box’, according to a new study from Mimecast and Forrester Consulting.

59% of IT managers in a survey conducted by Forrester say they are doing enough for their organisation’s cybersecurity, yet 53% of employees disagree, and 51% believe their managers do not stress enough the importance of good security practices.

The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision-makers responsible for cyber safety at companies with more than 100 employees. 

It also quizzed 240 knowledge workers from the same companies, who regularly use email and digital channels in the workplace.

The report also found that investment in security awareness and training (SA&T) does not necessarily translate into concrete changed behaviour in employees – with half of respondents in New Zealand admitting to flouting security policies despite attending SA&T.

This could potentially be explained in another finding in the Forrester report – that traditional SA&T is ‘long and unengaging’, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.

This leads to static employee behaviour, contributing to the aforementioned disconnect between employee and employer perception of security.
“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cybersecurity training – and the existing outdated modes of training are simply not bringing about behavioural change,” says Mimecast country manager A/NZ Nick Lennon.

“In the current COVID-19 business conditions, with many employees working remotely indefinitely, the last thing businesses need is a security breach.”

The report concludes that APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.
“Almost half of business leadership teams (45%) still have the incorrect perception that security impedes their workforce productivity,” says Forrester Consulting project director Line Larrivaud.

Lennon says the security crises revolving around the pandemic call for cybersecurity to be assigned more significance.

“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage has never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cybersecurity best practice within their organisation,” says Lennon.

“They simply cannot ignore the consequences or circumvent the protocols.”

Story image
BlackBerry partners with ServiceNow for incident response management
BlackBerry has announced it has entered into a partnership with ServiceNow to integrate the BlackBerry AtHoc service within the Now platform for rapid crisis communications and IT service management. More
Story image
Video: 10 Minute IT Jams - protecting data with user behaviour analytics
In this video, Forcepoint senior sales engineer and solutions architect Matthew Bant discusses the company's DLP solution, the importance of integrating compliance into security solutions, and why cybersecurity strategies should take a more people-based approach.More
Story image
Creating private data regulations for employees
Whether employees are hired on a part-time or full-time basis, everyone must know about data privacy regulations. Everyone needs to be responsible for keeping the organisation’s data secure. More
Link image
Save the date: 28 October is the day your CX will be supercharged
Learn from the experts at Zendesk and ESG to find out how you can supercharge your customer experience approach in this exclusive online event! Register now.More
Story image
Cisco report: Remote working is here to stay, making cybersecurity a top priority
"With this new way of working here to stay and organisations looking to increase their investment in cybersecurity, there’s a unique opportunity to transform the way we approach security as an industry to better meet the needs of our customers and end-users.”More
Link image
The importance of data resilience in the current cybersecurity climate
Protecting an organisation's data is one of the most crucial functions of any CISO. Strategies should be in place where data is stored securely and cost-effectively.More