While businesses are largely committed to cybersecurity initiatives, workers have little faith in the ability of their employers to safeguard critical data and other assets, according to data gathered by TechRadar Pro.
A survey of our readers found the majority (70.70%) of staff believe cybersecurity is a central focus for their business, yet half (44.97%) of the same group also feel ill-equipped to handle the cyberthreats their company faces.
Many employees (66.43%) are also skeptical about the preparedness of their colleagues to adapt to changes in the cybersecurity landscape, such as the evolution of new attack vectors or emergence of novel malware strains.
The transition to remote working has raised a number of questions about the ability of businesses to deal with cybersecurity threats and adapt to techniques employed by the most sophisticated cybercriminals today.
With many employees now operating out of their home offices, the traditional security perimeter has expanded by magnitudes in a matter of months – and the addition of shadow IT to the mix has made security oversight near-impossible.
Companies are also faced with a litany of potential consequences in the event of a cyber incident, ranging from financial to reputational and operational.
In the last two weeks alone, for example, both health giant Garmin and camera manufacturer Canon have fallen victim to damaging ransomware attacks.
The former suffered a week-long service outage as a result and ended up paying the ransom fee in exchange for the safe return of stolen data. While the latter managed to restore its systems relatively quickly, the attackers leaked stolen information online in response to the firm’s refusal to pay the ransom.
Both examples illustrate the range of potential consequences that could arise as a result of chinks in the cybersecurity armor – and also the highly disruptive qualities of ransomware in particular.
Respondents to our survey highlighted insufficient training as one possible problem area, as well as a lack of clear accountability and lines of command.
Roughly a quarter (26.12%) said current cybersecurity training is not up to standard, and the majority of this sub-group (73.38%) suggested their business is poorly placed to handle evolving threats as a result.
Meanwhile, almost one third (29.49%) said they had no idea who is responsible for handling cybersecurity issues in their organization, which should set alarm bells ringing in the CISO’s office.
While cyber awareness levels are higher than ever, it is clear businesses need to take material action – and they are not lacking economic incentive to do so.
Beyond the threat of financial penalties issued by data protection watchdogs (which can reach millions of dollars depending on the severity of the incident and size of the business), almost half (42.30%) of those surveyed also said superior cybersecurity capabilities would make their company more profitable in the long run.