KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, announced new research which found seven in ten (70 per cent) IT decision-makers feel governments should be doing more to protect businesses from cyber-attacks.
In addition, only just over half (52 per cent) of IT decision-makers in Australia and Singapore say they are confident they understand their organization’s responsibilities regarding Government reporting of cyber incidents and data breaches.
Jacqueline Jayne, Security Awareness Advocate for APAC at KnowBe4, says: “It’s clear from our research that IT leaders and businesses across APAC are not feeling supported by the Government when it comes to security issues. There is more education required for those in IT about their obligations and commitments but also of the general public about how to stay safe online both at home and at work.”
Things IT decision-makers believe the Government should be doing, include:
· Providing more education and awareness to all our citizens about the cyber risks and how to stay safe online (45 per cent),
· Providing more training for businesses on cyber risks (42 per cent), and
· Providing more funding for businesses for cyber protection (38 per cent).
Who is responsible?
Jayne continues: “The reality is that cyber threats are so pervasive that keeping individuals and businesses safe requires a combined effort from the Government, business leaders, IT departments and employees alike. There is no panacea or magic technology solution that will protect your business. Everyone needs to be educated about potential threats and how to avoid them.”
Worryingly, fewer than half (45 per cent) of APAC IT decision-makers believe that it is everyone’s responsibility to protect the organisation from cyber-attacks.
· 33 per cent believe it is the IT department’s responsibility,
· 21 per cent believe it is the employee’s responsibility,
· 22 per cent believe it is the Government’s responsibility, and
· More than a quarter (27 per cent) say technology should be protecting the organisation from cyber-attacks.
Those who are planning on investing in/spending money towards cyber security in 2022 are much more likely than those who are not to believe it is the IT department’s responsibility (38 per cent compared to 14 per cent) and the employee’s responsibility (26 per cent compared to 7 per cent).
On the other hand, those who are not planning on investing in cyber security in 2022 are more likely than those who are to believe it is everyone’s responsibility to protect the organisation from cyber-attack (59 per cent compared to 41 per cent) and that they don’t think anyone is responsible for protecting the organisation from cyber-attacks (9 per cent compared to one per cent).
The employee view:
Given the IT department’s lack of clarity, it is unsurprising that employees are also unaware of who is responsible for cybersecurity:
· Almost a quarter (24 per cent) say technology should be protecting the organisation from cyber-attacks.
· 21 per cent believe it is the IT department’s responsibility, and
· 11 per cent believe it is the Government’s responsibility.
However, training regarding cyber security impacts employees’ views and makes them more likely to take responsibility for their own role in keeping the organisation safe. Those who have received training are more likely to believe it is the employees’ responsibility (16 per cent) compared to those who have not received training (11 per cent).
While in contrast, those who have never received training are more likely to believe it is the IT department’s responsibility (29 per cent compared to 17 per cent).
