With 1 in 3 employees believing the cybersecurity of their company is a moderate or major problem, decision-makers must do more to reassure them. Especially since remote work is now a big part of the workplace. And as more people work from home, digital security will become even more important for employees.
According to a recent survey and report from Nulab, 76% of employees say there is some degree of a problem. And only 24% say there is no problem at all. This means more than 3 in 4 have an issue with the cybersecurity protocol the company they work for has in place. And it affects companies of all sizes.
Employee Worries About Cyber Security
The cybersecurity issue is difficult enough for large enterprises, but the problem becomes even more challenging for small businesses. So, how are small businesses with fewer resources managing the problem? The question is a timely one for the current environment. However, it is important to point out small businesses have always been a favorite target for cybercriminals.
The Verizon 2020 Data Breach Investigations Report (DBIR) says 28% of cyber-attacks target small businesses. And because it does not make the news like the security breaches of large companies, people, including business owners, wrongly assume they are not under a major threat. But this could not be further from the truth. And when you consider small businesses make up 99% of all firms in the U.S., the problem is that much more distressing.
The Nulab survey spoke to more than 1,000 full-time employees about their perceptions of workplace cybersecurity. These are people who spend at least four hours each day using a computer. They were then asked about the cybersecurity conditions of their company. The respondents were made up of 53% male and 46% female participants.
In addition to the above data points, 42% of employees confronted their employees about poor workplace cybersecurity habits. Furthermore, employees also believe the digital information of their employer is not secure. In companies with 1-50 employees, 23% believe this to be the case. It goes slightly down to 19% for companies with 51-100 employees and down even further to 10% for those with 101-500 employees.
Overall, 15% of employees believe the digital information of their employer is not secure. But for small businesses, it goes up to 23%.
Another key takeaway from the survey is the lack of responsiveness by employers when it comes to employee cybersecurity concerns. The number is particularly high from small business employers. In companies with 1-50 workers, 44% of the employees say their employer is slightly or not at all responsive to the issue. For the next tier with 51-100 employees goes down to 33% and 25% for those with 101-500 employees. But it remains almost the same for companies with 501-1,000 and 1,001+ employees reporting 29% and 27% respectively.
Awareness and Reporting
Business owners must establish a culture in which employees can freely report any perceived threat to the company. If they are chastised or ignored, the likelihood of them reporting a threat next time goes down dramatically.
The report says 58% kept perceived cybersecurity risks to themselves instead of confronting their employer. This the report says is because few employees were listened to when they brought up their concerns.
Considering the threat, this should be a very frightening data point for any business owner. This is because the cost of a security breach is getting more expensive by the year. The 2017 Better Business Bureau says small businesses lose $80K on average to cybercrime annually.
The key to fully addressing cybersecurity is changing company culture and behavior.
Changing Behavior and Putting Cybersecurity First
The fact of the matter is data breaches are a very real threat to everyone. Whether you are an individual or a small or large organization, everyone faces this threat. For employers addressing the issue starts by changing the culture and behavior in the company regarding cybersecurity.
If you put cybersecurity first and establish a culture in which your employees are heard, you can catch a security breach or an attempt much earlier. After all, it takes an average of 191 days for companies to realize there has been a breach. And these slow responses are especially harmful to small businesses.
Regular cybersecurity training goes a long way in making everyone in the company more aware and reducing their exposure to cyberattacks. The training also stops decision-makers from disregarding a concern an employee brings up.