Skip to main content

New Survey Reveals Cybersecurity Training is Missing the Mark as Employees Work around Company Security Policies

Written by Customer Service on . Posted in Public Companies.

MELBOURNE, Australia, June 02, 2020 (GLOBE NEWSWIRE) — Mimecast Limited (NASDAQ: MIME), a leading email and data security company, today released a study titled Don’t Just Educate: Create Cybersafe Behaviour. The survey shows that while customer data breaches and reputational damage around the world is encouraging businesses to re-examine their security practices, employee cyber behaviour still needs to change.
The survey, conducted by Forrester Consulting, found that while 59% of security and IT managers think they are ‘ticking the security compliance box’, their employees report a huge disconnect. More than half of the 240 employees surveyed in APAC (53%) disagree with that statement, and 51% believe their managers do not stress the importance of good security practices.The survey was conducted across Australia, Hong Kong, New Zealand and Singapore between January and February 2020 and involved 120 senior IT and business decision makers responsible for cybersafety at companies with more than 100 employees. Respondents represented 20 industry sectors including government, healthcare, legal, marketing, energy, telecommunications, transport and logistics.The survey included a wide range of questions around Security Awareness and Training (SA&T) Programs in APAC, including security measure and implementation, employee behaviour changes, security culture and overall effectiveness in delivering effective training programs. Results of the employer survey were measured against feedback from 240 knowledge workers within these companies, who regularly use email and digital channels in the workplace.Across the region the study also found that attending SA&T activities does not necessarily translate to a change in behaviour for employees, with a third of SA&T attendees still admitting to flouting security policies — increasing to more than 50% for respondents in New Zealand.“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training – and the existing outdated modes of training are simply not bringing about behavioural change,” said Nick Lennon, Country Manager for Mimecast Australia and New Zealand.Additional findings from the Forrester Consulting study include:Traditional SA&T is long and unengaging, uses outdated content types, and does not rely on behavioural science to achieve its objectives of behaviour and culture change.As a result, employees’ behaviours are not changing, which further contributes to a disconnect between employers’ perceptions and how their employees really feel about security.APAC firms must advance SA&T programs by exploring alternative content types, providing different methods of delivery based on employee preferences, and extending training outside the workplace.“Almost half of business leadership teams (45%) still have the incorrect perception that security impedes their workforce productivity,” as noted in the study by Line Larrivaud, Forrester Consulting Project Director for this survey. At the same time, she notes that, “Attending SA&T activities does not necessarily translate into a change in behaviour for employees — with 31% of training attendees in APAC still admitting to going around security policies. In New Zealand, more than half (52%) admitted to this”.“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage has never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cyber security best practice within their organisation. They simply cannot ignore the consequences or circumvent the protocols,” commented Lennon.About Mimecast 
Mimecast is a cybersecurity provider that helps thousands of organisations worldwide make email safer, restore trust and strengthen cyber resilience. Mimecast’s expanded cloud suite enables organisations to implement a comprehensive cyber resilience strategy. From email and web security, archive and data protection, to awareness training, uptime assurance and more, Mimecast helps organisations stand strong in the face of cyber-attacks, human error and technical failure. www.mimecast.com Mimecast Social Media Resources 
LinkedIn: Mimecast 
Facebook: Mimecast 
Twitter: @Mimecast 
Blog: Cyber Resilience Insights

Disclaimer & Cookie Notice

Welcome to GOLDEA services for Professionals

Before you continue, please confirm the following:

Professional advisers only

I am a professional adviser and would like to visit the GOLDEA CAPITAL for Professionals website.

Important Notice for Investors:

The services and products offered by Goldalea Capital Ltd. are intended exclusively for professional market participants as defined by applicable laws and regulations. This typically includes institutional investors, qualified investors, and high-net-worth individuals who have sufficient knowledge, experience, resources, and independence to assess the risks of trading on their own.

No Investment Advice:

The information, analyses, and market data provided are for general information purposes only and do not constitute individual investment advice. They should not be construed as a basis for investment decisions and do not take into account the specific investment objectives, financial situation, or individual needs of any recipient.

High Risks:

Trading in financial instruments is associated with significant risks and may result in the complete loss of the invested capital. Goldalea Capital Ltd. accepts no liability for losses incurred as a result of the use of the information provided or the execution of transactions.

Sole Responsibility:

The decision to invest or not to invest is solely the responsibility of the investor. Investors should obtain comprehensive information about the risks involved before making any investment decision and, if necessary, seek independent advice.

No Guarantees:

Goldalea Capital Ltd. makes no warranties or representations as to the accuracy, completeness, or timeliness of the information provided. Markets are subject to constant change, and past performance is not a reliable indicator of future results.

Regional Restrictions:

The services offered by Goldalea Capital Ltd. may not be available to all persons or in all countries. It is the responsibility of the investor to ensure that they are authorized to use the services offered.

Please note: This disclaimer is for general information purposes only and does not replace individual legal or tax advice.