Personal employee information leakage is least disclosed type of breach: Kaspersky
Digital Edge Bureau, 07 Dec, 2021

A successful corporate cyber-defense is impossible without employees at all levels joining forces. Technology is important to prevent cyber attacks, but human factors still play a crucial role, being tied to 85 percent of incidents. Kaspersky’s global survey of IT business decision-makers provides insights into how well organizations and workers collaborate and protect themselves, their clients and each other.
Despite high-profile cases of data breaches being mainly associated with stealing customer information, personal employee data is very popular with cybercriminals as well. In 2021, more than a third (over 35 percent) of organizations weren’t able to provide complete security of their workers’ data and faced incidents involving this type of information. According to the survey, it is surpassed only by customers’ personally identifiable data (43 percent).
“When an organization faces a cyber-incident, correct crisis communications are no less important than response and recovery actions. There’re ever-present risks of data breaches, and businesses should acknowledge that proactive disclosure is preferable to an exposé in the press,” says Evgeniya Naumova, Executive Vice President, Corporate Business, Kaspersky. “Appropriate and timely communications, however, not only minimize the potential reputational damage but can also greatly mitigate direct financial losses. To avoid panic or confusion, a company needs to consider developing a clear crisis plan and train employees in advance. Corporate communications professionals and IT security teams should collaborate to exchange information on cybersecurity insights and determine guides, tools, channels, and language that might be helpful to accurately handle both internal and external communications in case of an emergency,” she elaborates.
Now, the fact that 45 percent of affected organizations haven’t disclosed a breach of personal employee data publicly is a sign that the problem is bigger than it seems. As for the rest, 43 percent shared information about an incident proactively and 12 percent did so after it had been leaked to the media. This shows that this type of leak is the least frequently disclosed, compared to corporate or customer data breaches.
Lack of external knowledge about potential cybersecurity incidents is not usually mitigated by internal efforts. According to the research, only 44 percent of organizations have already implemented security education and training to ensure that employees are provided with crucial information. In addition, more than half (64 percent) of those companies have experienced at least one issue relating to the quality of these services. This includes dissatisfaction with the high complexity of courses and a lack of support or expertise on the part of the training provider.
Employees who have not been provided with basic knowledge about the importance of protective measures can’t be expected to follow the rules. In 2021, staff compliance and dealing with an insufficient end-user security culture is one of the top three biggest concerns for businesses when it comes to IT security – 42 percent of respondents cited it among the most alarming issues. In practice, companies regularly face information security infringements (41 percent), inappropriate IT resource use (42 percent), and improper sharing of data via mobile devices (38 percent).