Study: Employees may not report cybersecurity incidents

The report, called “Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within,” suggests that such behaviour occurs in 40 per cent of businesses.

Forty-five percent of enterprises (over 1,000 employees) experience employees hiding cybersecurity incidents, with 42 percent of SMBs (50 to 999 employees), and only 29 percent of VSBs (under 49 employees).

The report also indicates that carelessness and lack of knowledge is also a leading cause of potential cybersecurity incidents, second only to malware.

“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments,” said Slava Borilin, security education program manager at Kaspersky Lab. “If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option — to avoid punishment whatever it takes. If your cybersecurity culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”

Additional information and the full report is available on the Kaspersky Lab blog.