The vast majority of employees trust cybersecurity teams to handle organisational cyber threats despite functional concerns, according to a new survey of US and UK office workers. The study by CybSafe also found that staff increasingly perceive cybersecurity teams as indispensable amid an increasingly unpredictable threat environment, though some negative stereotypes around obstructive security practices persist.
It was, said CYE vice-president Ira Winkler, “a pleasant surprise” that users were overwhelmingly satisfied with the responses of their corporate cybersecurity teams. “The implication is that cybersecurity teams are becoming more customer service-focused and understanding of users’ needs,” said the author of ‘Security Awareness for Dummies.’ “While cybersecurity friction does have a bad connotation, the reality is that it can be useful and necessary. While you don’t want to make business processes difficult, you do want to make sure that it is not easy to do the wrong things.”
Employees see cybersecurity teams as necessary
The survey of 1,000 UK and US employees found that 86% of respondents considered the cybersecurity team as “necessary,” while 72% considered it to be a vital company operation. However, employees also expressed concerns about the imposition of new cybersecurity precautions that, in their view, reduced their efficiency (38%) and hindered their personal progress at work (24%). Meanwhile, almost one-third of those surveyed were unfamiliar with the roles and responsibilities of their cybersecurity teams, indicating issues with visibility.
The study also revealed new insights into how individual employees perceive the broad importance of cybersecurity to the integrity of their companies. 45%, for example, said that they believed regular employees required further mandatory cyber training, suggesting an opportunity for teams to build understanding and trust further through education. The survey also found that while cybersecurity teams are the designated leaders in implementing an airtight cybersecurity culture, employees also feel increasingly responsible for playing their part, with 82% reporting that everyone in an organisation shares responsibility for protection.
Employees need more cyber training
“Cybersecurity and data protection is a collective effort, but ultimately, it is the role of the cybersecurity team to guide, inform and bolster this endeavour,” said CybSafe’s chief executive, Oz Alashe. “By increasing visibility, improving communication channels and listening to their peers’ feedback, CISOs and their teams can reach out to those individuals struggling to engage with their message and continue improving their organisation’s cyber resilience from the ground up.”
Meanwhile, Winkler cautioned that, while they might seem obstructive, embedding identity verification tests into daily working practices was a necessary safeguard against the worst breach scenarios. “Users and the company as a whole should understand that cybersecurity embedded in business practices enables organisations to do things they otherwise would not be able to do,” Wrinkler says. After all, he added, “ cloud-based applications would not be possible unless data could be secured across the internet and users could authenticate themselves properly.”