A global survey of 600 IT leaders across various industries revealed that organisations want to trust their employees when it comes to cybersecurity, but to do so, they need to better leverage technology.
The research, carried out by ObserveIT, the insider threat management platform, also found that employers should develop clear cybersecurity protocols and invest more in employee training programmes and monitoring tools to verify safe user activity.
Since 2016, the average number of incidents involving employee or contractor negligence has increased by 26 per cent, and by 53 per cent for criminal and malicious insiders (Ponemon). While employees are an organisation’s biggest asset – whether they are full-time, freelancers or contractors – they can also be a prime channel for information loss via negligent or malicious actions.
As such, companies need to prioritise effective training programmes across their employee base, leverage precise monitoring tools to verify safe user activity and ensure that clear protocols are in place for onboarding and offboarding employees to prevent data loss.
Key findings from the survey include:
- Technology can enhance trust between employers and employees: According to the survey, on average, 46 per cent of respondents agree that their organisation doesn’t have confidence in its workforce when it comes to keeping valuable data and assets safe. This lack of trust is even higher in the public sector (53 per cent), IT and technology services (52 per cent) and manufacturing (51 per cent). With an evolving risk environment and employee trust being highly important, 92 per cent of respondents agree that investment in new technologies to monitor insider threats and verify user activity will be crucial for keeping information secure over the next 18 months.
- Training, policies and technology should be prioritized: Organisations also have an opportunity to build trust via training and polic ies. The survey found that 43 per cent of organisations don’t have a policy that prohibits staff from taking IP/data with them when leaving the organisation. Further, 67 per cent of respondents say remote work is allowed in their organisation, and 42 per cent report contractors/freelancers use personal devices for work activity. With an evolving work environment and more devices being used to access company information, organisations need to establish clear protocols for all users handling data and IP regardless of location, device or employment status.
- Employers should make employees aware of the ramifications of data leakage: Most employees aren’t aware of the repercussions that follow leaking information either accidentally or maliciously. Almost 60 per cent of organisations don’t explain the contractual penalties for putting their organisations at risk and only 36 per cent of IT leaders feel that cybersecurity is extremely important to their organisations’ general employees. As such, employers need to ensure the consequences of negligent or malicious leakage are well-defined and communicated to employees.
“The workforce is changing rapidly as remote work becomes commonplace and more companies rely on freelancers and contractors to support daily activities,” said Mike McKee, CEO of ObserveIT. “Trusting employees to keep valuable information safe should start at the top with effective training, clear guidelines and verification via technology for all users.”
ObserveIT commissioned Vanson Bourne to conduct 600 interviews with senior IT decision makers on the topic of trust within the workplace. Respondents were from organisations in the private and public sector with 2,500 or more employees, across the U.S., EMEA and APAC.