Thycotic commissioned an independent market researcher to interview 100 IT security “decision makers” at UK public and private organizations with at least 1,000 employees. In interviews last November, 63% of respondents said their security teams are seen internally as naysayers, with some using the phrases “doom mongers” and “necessary evil.” Indeed, 38% said they’re seen as the “policemen.” A small minority (13%) said they feel negativity toward their team and role “all the time.”
What’s more, many of these IT security decision-makers cited either indifferent or negative responses when launching new security practices. Specifically, 35% said employees believe such policies will interfere with their work, while 39% said employees barely observe the changes. Relatedly, 27% said cybersecurity is a background function that others in the organization fail to notice.
It might be time for companies and public entities to remedy their employees’ lack of cybersecurity awareness. That’s according to the National Cybersecurity Center, a Colorado nonprofit, which has found that most data breaches take place because of human error. Organizations should use this first-quarter hiring season to make a plan for training incoming workers on cybersecurity fundamentals, Jonathan Steenland, the group’s COO, tells ZDNet. A recent accidental leak of confidential information by financial giant BlackRock underscores the risk of human error, as Investment News observes.
Another potential area for mistakes may be simple errors of omission. French aerospace and security multinational Thales Group’s latest annual report on data threats—based on a survey of 1,200 IT and security executives from organizations in nine countries—finds that while 97% of respondents use sensitive data in new digital environments, fewer than 30% used encryption in these environments. That’s despite the many recent high-profile breaches.
Organizations that invest in privacy measures may find that it pays off. According to Cisco’s latest annual survey of 3,200 security pros in 18 countries, getting ready for the European Union’s General Data Protection Regulation seemed to mitigate the effect of data breaches. The survey found that just 37% of the GDPR-ready companies had data breaches costing more than $500,000, versus 64% of the least GDPR-ready companies.