When many employees see something, they don’t say something, according to a recent study on cybersecurity incident reporting.
Nearly one-half of surveyed IT and security personnel “were aware of a cybersecurity attack that their organization did not report to the appropriate external authorities,” Keeper Security said in a statement last week.
The survey of 400 North American and European tech professionals also indicated that employees don’t report 41% of known cyber incidents to an organization’s management.
This doesn’t mean employees are unaware of the risks of keeping quiet—or of their responsibility to speak up. Three-fourths of respondents who didn’t report a breach said they felt “guilty” about not doing so.
Several factors might discourage an employee from reporting an incident, Keeper’s results suggested. For example, 43% of respondents cited a fear of potential consequences, 36% assumed a report was unnecessary, and 32% simply forgot to take action.
According to Keeper, the results point to the need for a cultural shift around cyber reporting—including reassuring personnel they won’t get in trouble for speaking up.
“These responses underscore the importance of business leaders creating and upholding a culture of transparency, honesty and trust when it comes to cybersecurity,” the study said. “Cybersecurity is a shared responsibility and a fear of repercussion should never deter employees from reporting incidents that stand to cause serious harm.”
If your company needs to get its cyber strategy back on track, Keeper has a crucial tip: Your organization’s top brass is essential to setting the tone. Almost half of respondents said they didn’t believe their company’s leadership would respond to or care about reports of a cyberattack.
Another tip? Make sure your firm has a clear channel for disclosing incidents to management. About 22% of respondents said their company lacked such a system, which means those companies may be “opening themselves up to legal liabilities, compliance risks and costly financial penalties,” Keeper said.