Chances are, your employees have a lot on their plates right now.
With lives upended by a global pandemic and many workers reporting from home for the first time, lacking their traditional work tools and switching to unfamiliar ones, worries are probably running high.
And that concern bleeds into their relationship with cybersecurity.
The majority of CISOs and CIOs are clear: remote work brings a cybersecurity risk.
According to a recent survey from PwC, 61% of CISOs and CIOs have seen cybersecurity risks increase during the shift to remote workforces. The survey, called "It's Time to Adopt a Cyber-Savvy Culture," looks at how cybersecurity currently resonates with employees.
What does the data reveal about your employees and how they are thinking about cybersecurity right now?
The bag is somewhat mixed. On one hand, employees are expressing some mild to strong concerns about these company-related cyberattack consequences:
And worries are a little higher when it comes to personal consequences:
On the flip side, though, only 22% are very worried about personal financial loss from an attack, and just 15% say they're very worried about their emails being exposed.
PwC reveals that in areas where end-users are confident about cybersecurity, that personal confidence likely stems from belief in their company's cybersecurity practices:
"In fact, 75% of respondents say they trust their employer more than they trust tech companies to keep their personal information safe. But employees may not be aware that many attacks on organizations aren’t necessarily targeting the company. Instead, they're aimed at stealing employee data, such as salary and retirement information, health status and other personal information."
So that appears to be a cybersecurity disconnect uncovered by the research.
Another example pops up around security awareness. In particular, how employees feel about the security education they've received since the pandemic:
"Nearly 70% of CISOs and CIOs say they increased security training as a result of COVID-19. In contrast, only 30% of employees say their employer offered training on the dos and don'ts of protecting company and personal digital assets, data and information."
And other portions of the survey reveal pain points around the endpoint and big data.
"Less than a third say their employer provided devices so they could work outside the office without having to use their personal devices. And only 23% say their firm provided a compelling case for why employees need to have good data security habits."
This data stands in contrast to what CISOs and CIOs are saying:
"...CISOs and CIOs report strong positive impacts from investments to secure remote work (such as authenticating employees accessing their networks and managing mobile devices and other endpoints beyond corporate networks), as well as investments in real-time threat detection and intelligence."
How should employers mitigate the dissonance between employees and cybersecurity professionals?
PwC offers an eight-step action plan for CHROs, CIOs, and CISOs.
Read more in this new research: "It's Time to Adopt a Cyber-Savvy Culture"