Not So Know-It-All: Just 12% of Employees Are Fully Aware of Their Organization’s IT Security Policies

A lack of IT security awareness remains a worrying reality for businesses around the world, according to a recent study of consumers conducted by Kaspersky Lab and B2B International. The research found that just one-tenth (12% ) of employed respondents are fully aware of the IT security policies and rules set in the organizations they work for. This, combined with the fact that half (49% ) of employees consider protection from cyber threats a shared responsibility, presents additional challenges when it comes to setting the right cybersecurity framework.
The study of 7,993 full-time employees which asked about policies and responsibilities for corporate IT security also revealed that 24% of employees believe there are no established policies in their organizations at all. Interestingly, it seems that ignorance of the rules is no excuse, as around half (49%) of the respondents think all employees, including themselves, should take responsibility for protecting corporate IT assets from cyber threats.

This discrepancy could be particularly dangerous for smaller businesses, where there is no dedicated IT security function and responsibilities are distributed among IT and non-IT personnel. Neglecting even basic requirements, such as changing passwords or installing necessary updates, could jeopardize overall business protection. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company’s critical data are usually most at risk of being targeted.
To deal with this problem, small and medium-sized businesses would benefit from regular IT security awareness training for staff and from products tailored to their specific needs. For example, Kaspersky Endpoint Security Cloud includes features such as preconfigured security settings, immediate protection across all devices and easy management capabilities that do not require in-depth expertise from its administrator, thereby reducing the burden on overstretched IT teams.

Kaspersky Lab’s SMB portfolio includes products that cover the various needs of very small, small and medium-sized businesses. Smaller businesses would benefit from the combination of powerful protection and ease of management in Kaspersky Small Office Security and Kaspersky Endpoint Security Cloud, while larger companies may find more use in the advanced security settings and targeted applications for enhanced mobile, server and email protection found in the Kaspersky Endpoint Security for Business suite.