Cybersecurity in an organisation is primarily a proactive effort. Whilst it does have a reactive component as well, a response to a cyberattack may only be successful with proper planning and preparation. The hope with a crisis response plan is also that you should never need it as long as you make sure threats can’t breach your protections.
In GetApp’s 2024 Data Security Survey, we discovered that most sampled employees work in companies that have a formal response plan in place, yet 13% of respondents are employed in businesses without such a plan, leaving those businesses exposed to attackers.
Likewise, 22% of our sample work in companies that don’t have protocols for reporting cyberattacks, or aren’t sure whether such protocols exist. These kinds of discrepancies put companies and their data at significant risk. It only takes one successful attempt for businesses to lose money, data, and potentially their reputation amongst customers.
In our sample, 17% have experienced a takeover of an online account, and 35% have had one or more data breaches in their company. Worse still, 42% of staff surveyed with responsibility or full knowledge of their company’s cybersecurity measures (representing 86% of our entire sample) said their company has experienced a ransomware attack in the past 12 months.
There are many ways that businesses can embrace a proactive approach to safeguard their systems. The security practices that participants in the GetApp survey most commonly observed in their organisations were measures such as password policies, two-factor authentication (2FA), training and awareness programs, and tools such as antivirus and firewall software. These approaches all offer practical ways to limit unwanted access by potential attackers and keep employees mindful of the task of upholding security.
Another important factor is fostering an open mindset that encourages employees to think about cybersecurity on a regular basis at work and feel able to report issues when they arise.
Respondents in the study highlighted training, phishing simulations and clearer explanations of policy guidelines as the top three areas where companies might improve workplace cybersecurity engagement amongst staff. In fact, training is already common in many of the companies our surveyed employees work in, with 65% saying they’d been given cybersecurity training. Furthermore, 42% of staff surveyed say that they take extra steps beyond the company’s best-practice guidelines.
The results seem to show that staff are usually just as concerned about securing the company as the business itself is. This offers managers and company heads a good starting point to encourage the mindset that security is the job of every employee and not just those designated to it exclusively.