Almost half of companies not at all prepared for a data breach, according to Infosecurity Europe poll
Richmond, Surrey, UK: Half (49.9%) of respondents to a Twitter poll run by Infosecurity Europe, Europe’s number one information security event, believe that lack of awareness is the biggest security failing or cause of a data breach within their organisation. Employees feel this is having a significant impact on security posture, with 43% stating their organisation is ‘not at all prepared’ for a security breach. Almost a third (30.9%), however, do think their company is very well prepared, and a further 26.1% moderately well prepared. The poll was carried out to mark Cyber Security Awareness Month 2021, the theme of which is Do Your Part. #BeCyberSmart.
Security vulnerabilities were cited by almost a quarter (23.3%) of respondents as the biggest security failing or cause of breach within their company, followed by lack of control over third parties (17.1%). Lack of senior involvement in cybersecurity isn’t considered a major issue, with only 9.7% believing it is their organisation’s most serious cybersecurity problem.
On the whole, employees are willing to play their part in protecting company data, though a third (34.4%) believe they should not be held solely accountable if a breach occurred. One in five feel it would be ‘unfair’ to be held accountable, with more than a quarter saying they ‘wouldn’t care’ if they were held accountable. This suggests a lack of engagement or, again, awareness of what their responsibilities should be around protecting data and the true impact of failing to do so.
When asked about securing company data from attacks while working remotely, 38.6% of respondents find securing their devices is the biggest challenge they face. Reducing pressure on staff is the greatest challenge for 22.9%, followed by securing the environment (19.8%). Almost one in five (18.6%) haven’t noticed any change in terms of security challenges since they started remote working.
Nicole Mills, Exhibition Director at Infosecurity Group, says: “The focus of this year’s Cybersecurity Awareness Month is on empowering individuals and organisations to play an active role in enhancing cybersecurity. Our poll suggests there’s quite some progress still to be made here, with lack of cybersecurity awareness highlighted as a major problem. Nor do most employees have faith that their organisation is well prepared for a breach. There’s clearly as much work to do in the culture space as the technology space when it comes to empowering and equipping people to ‘do their part’ – particularly around education to build cybersecurity awareness, knowledge and skills.”
Infosecurity Europe will be running a virtual conference on Tuesday 12 October in support of Cyber Security Awareness Month 2021. The October Sessions will provide expert insights and practical knowledge that help businesses equip their people with a better understanding of cybersecurity, and the resources to be safer online. The event will involve a full day of webinars on topics including resilience, the insider threat, and cybercrime. Registration for all sessions is open now on the event website.
Lisa Plaggemier, Executive Director of the National Cyber Security Alliance (NCSA), and Oz Alashe, CEO at CybSafe, will open the conference at 10am with their presentation, A Whole Lotta BS (Behavioural Science). They will explore the findings from the NCSA’s annual survey into the US public's attitudes and beliefs about security through a behavioural science lens, identifying potential drivers of and barriers to secure habits.
Lisa Plaggemier says: “The internet was never designed to be secure; it was designed for the free flow of information. We’re seeing adversaries take advantage of that openness. This is finally making it into the consciousness of the general public, as something people are realising we all have to take responsibility for, and that there’s steps we can all take. It’s not just up to government or large enterprises and organisations – everybody plays a part.”
Infosecurity 2022 will run from Tuesday 21 to Thursday 23 June 2022 at ExCeL London. Full details about the exhibition and conference programme will be released on the website in coming months.
Drawing 3,858 responses, the Twitter poll was conducted during the week of 27 September 2021.