Times of London: Awareness is not action
Mimecast EMEA field CTO, Johan Dreyer, explains how employees need better support to maximise their cyber hygiene and how businesses can provide it
Employees broadly understand the implications of cybersecurity and how their behaviour could impact their company’s safety and yet still take actions that could put it at risk. In the Times of London, Mimecast's field CTO Johan Dreyer provides expert insight on how leaders can provide support to employees related to cyber hygiene.
"Why do so many organisations struggle to have a culture of cybersecurity?
It’s quite simple. Business leaders do understand the potential risks associated with lax cybersecurity. Quite apart from their regulatory commitments, there are significant costs incurred as the result of an attack, from systems recovery to business downtime. Business owners are acutely aware of the need to make their organisations as cyber secure as possible.
Findings from our State of Email Security 2023 report have shown that almost every business (99%) offers some form of cybersecurity awareness training to its staff. And yet, in the past 12 months, three out of four have seen an increase in email-based threats, two-thirds have been harmed by a ransomware attack and 80% believe their company is directly at risk as a result of careless or negligent employees.
This negligence is not down to laziness, a devil-may-care attitude or even malice. On the whole, employees are as keen as their bosses to be safety conscious when it comes to cybersecurity. The problem is that cybersecurity training as it stands is rarely tailored to the needs of the employee. Our Collaboration Security: Risks & Realities of the Modern Work Surface research found that one in five employees skip all the cybersecurity reviews before responding to a private message on a business collaboration tool with a link or an attachment, for example."