Global survey on security attitudes, behaviours and policies reveals majority of respondents very or somewhat confident reporting a security issue to their security team
A recent survey conducted by Censuswide on behalf of KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, offers a detailed look into the similarities and differences of security attitudes, behaviours and policies adopted by over 6,000 employed individuals across six countries: the United States, United Kingdom, Germany, Netherlands, Norway and South Africa. Alongside an investigation into the public’s confidence in spotting online scams, KnowBe4 also reveals an improvement in rapport between employees and IT security teams. In fact, the vast majority (87%) of respondents admit to feeling very or somewhat comfortable reporting a security issue, violation or mistake to their security team.
When asked, “How confident are you at spotting [various types of] online scams?”, nearly 83% of all respondents felt Very Confident or Quite Confident overall in spotting email phishing. Only 16% of total respondents felt Not Very Confident or Not At All Confident when looking at email phishing. But Norway’s Not Confident percentage came in at nearly 43%. In the UK, only 10% of respondents felt they were lacking confidence in detecting online scams and 62% said they had never fallen for any type of online scam. This is an interesting and quite large difference in confidence levels for detecting online scams between Norway and the UK.
Another question asked, “How comfortable would you be to report a security issue, violation or mistake to your security team?” On average across all surveyed countries, nearly 53% of all respondents said they would be Very Comfortable. That number dropped to a low of nearly 35% in Germany and nearly 39% in the Netherlands, but was nearly 80% in South Africa. This shows that South Africa is far ahead of the other countries surveyed in making its employees more comfortable with reporting security incidents.
"One of the major takeaways of this research is that culture is a critical factor in building your human defence layer," said Stu Sjouwerman, CEO, KnowBe4. "Part of developing a strong security culture is to understand that users across different countries or regions will have different attitudes and behaviors regarding security. That is why it is critical that security awareness training be localized for each region, not simply translated. A successful security awareness program is one that is sensitive and tailored for users from different backgrounds, cultures and languages. This piece of research is just one of many initiatives that KnowBe4 plans for the future to help emphasize the importance and methodology for improving security behaviour and building a strong security culture within your organization for the long term."
“For years, security teams were often painted in a negative light by fellow colleagues, viewed as an obstacle to efficiency, the strict enforcers of rules, or at the very least, elusive. Yet, our survey suggests a shift in perception. It seems security teams are becoming a trusted and dependable resource for employees, and this could not have come at a better time as cybercrime rates rise to an all-time high. It is promising to see a high level of security awareness among the public as well,” said Javvad Malik, lead security awareness advocate at KnowBe4. “Nevertheless, this should not be misinterpreted as a sign to fall complacent. As with all things, maintaining a strong security culture and awareness takes work and consistency.”
Other key findings:
- 13% of respondents report a security incident to their IT security team up to once a week on average, and a fifth (20%) report an incident up to once a month on average.
- No further action was taken by security teams in 18% of cases where a phishing link was clicked, while 14% were reprimanded for their mistakes. Moreover, 11% received disciplinary action or faced HR involvement as a result.
- 37% of those who were not comfortable reporting an issue, violation or mistake to their security team cited the process of reporting an incident as being too difficult. A third (33%) claimed to be scared to report an issue and nearly one in four respondents did not know how to report an incident.
- Remarkably, 23% of Security Awareness Training programs have incorporated the threat of deep fake videos.
For the full report: https://www.knowbe4.com/hubfs/Security-Habits-2021.pdf
About KnowBe4
KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 44,000 organisations around the globe. Founded by IT and data security specialist, Stu Sjouwerman, KnowBe4 helps organizations address the human element of security by raising awareness about ransomware, CEO fraud, and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, an internationally recognised cybersecurity specialist and KnowBe4's Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilize their end users as their last line of defence.