Over forty percent of enterprises anticipate a data breach caused by internal sources in the upcoming year.
In a recent study conducted by Clearswift, a prominent cybersecurity firm, it has been revealed that there is a widespread lack of employee awareness about good cybersecurity practices in UK businesses. Heath Davies, the chief executive at Clearswift, emphasized the urgency of the situation, stating that cyber attacks are a major problem and it's time for boards to take a proactive stance on this matter.
The survey, which polled 4,000 employees, found that 67% of respondents stated that their company provides inadequate information about data policies and expectations. This detachment between front-line security professionals and board members is particularly worrying in the wake of recent high-profile cyber breaches in the UK.
Furthermore, half of the surveyed employees admitted to disregarding data protection policies at work to complete their tasks, and 58% of respondents lacked understanding of what might constitute a security threat from within their organization. This alarming lack of awareness could potentially lead to insider data breaches, as four out of ten businesses anticipate such an occurrence in the next 12 months.
Heath Davies emphasized the need for a clear, coherent, adaptive strategy which encompasses people, processes, and technology. According to Davies, this mandate needs to come from the top, as companies need a comprehensive approach to address the growing threat of internal security breaches.
The study also identified a slow business response to addressing insider threats. As enterprises grow, managing employee behavior becomes more challenging, increasing the risk of a breach within an organization. Seventy-two percent of security professionals believe internal security threats are not treated with the same level of importance as external threats by the board.
It's important to note that the survey did not provide information on the methods used to gather data or the margin of error in the results. Additionally, the survey did not specify the industries or locations of the businesses involved. Despite these limitations, the findings underscore the need for UK businesses to prioritize cybersecurity and employee awareness in their strategies.
