Study: Employees may not report cybersecurity incidents

Staff
Tuesday July 11, 2017
Written by Staff
Employees may be hiding IT security incidents from their bosses to avoid punishment, according to a recent report from Kaspersky Lab and B2B International.

The report, called “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within,” suggests that such behaviour occurs in 40 per cent of businesses.

Forty-five percent of enterprises (over 1,000 employees) experience employees hiding cybersecurity incidents, with 42 percent of SMBs (50 to 999 employees), and only 29 percent of VSBs (under 49 employees).

The report also indicates that carelessness and lack of knowledge is also a leading cause of potential cybersecurity incidents, second only to malware.

“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments,” said Slava Borilin, security education program manager at Kaspersky Lab. “If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option — to avoid punishment whatever it takes. If your cybersecurity culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”

Additional infomation and the full report is available on the Kaspersky Lab blog.

Add comment


Security code
Refresh

Subscription Centre

 
New Subscription
 
Already a Subscriber
 
Customer Service
 
View Digital Magazine Renew

Job Board

Latest Events

(ISC)2 Security Congress
September 25-27, 2017
Focus On Drones
October 4, 2017
Security Canada Central
October 18-19, 2017