The vast majority of employees trust cybersecurity teams to manage organizational cyber threats despite functional issues, according to a new survey of office workers in the US and UK. THE CybSafe study also found that staff increasingly perceive cybersecurity teams as indispensable in a context an increasingly unpredictable threat environmentalthough some negative stereotypes regarding obstructive security practices persist.
According to CYE Vice President Ira Winkler, it’s “a pleasant surprise” that users are extremely satisfied with the responses from their company’s cybersecurity teams. “This requires cybersecurity teams to increasingly focus on customer service and understanding user needs,” said the author of “Security Awareness for Dummies.” “While cybersecurity friction has a bad connotation, the reality is that it can be useful and necessary. While you don’t want to make business processes difficult, you want to make sure it’s not easy to do bad things.
Employees view cybersecurity teams as necessary
The survey of 1,000 UK and US employees found that 86% of respondents considered the cybersecurity team “necessary”, while 72% considered it a vital business operation. However, employees also expressed concerns about the imposition of new cybersecurity precautions that they said reduced their effectiveness (38%) and hurt their personal progress at work (24%). Meanwhile, nearly a third of respondents were unaware of the roles and responsibilities of their cybersecurity teams, indicating visibility issues.
The study also revealed new insights into how employees perceive the importance of cybersecurity to the integrity of their business. 45%, for example, said they believe regular employees need additional mandatory cyber training, suggesting an opportunity for teams to further build understanding and trust through education. The survey also found that while cybersecurity teams are the designated leaders in implementing a tight cybersecurity culture, employees also feel increasingly responsible for playing their rolewith 82% saying everyone in an organization shares responsibility for safeguarding.
Employees need more cyber training
“Cybersecurity and data protection is a collective effort, but ultimately it is the role of the cybersecurity team to guide, inform and strengthen this effort,” said Oz Alashe, Managing Director from CybSafe. “By increasing visibility, improving communication channels, and listening to peer feedback, CISOs and their teams can reach people who struggle to engage with their message and continue to improve their organization’s cyber resilience from the ground up.
At the same time, Winkler cautioned that while these tests may seem obstructive, integrating identity verification tests into daily work practices is a necessary safeguard against worst-case breach scenarios. “Users and the business as a whole need to understand that cybersecurity integrated into business practices allows organizations to do things they wouldn’t be able to do otherwise,” says Wrinkler. After all, he added, “cloud-based applications would not be possible unless data was secure on the Internet and users could authenticate properly.”