Over 90% of large US companies with 500+ employees have a cybersecurity policy in place to protect them from both real and anticipated threat, according to a new survey from Clutch (www.clutch.co) a B2B ratings and reviews firm.
Clutch surveyed over 300 corporate IT decision-makers about what to include in a cybersecurity policy and found that security software, data backup and storage, and scam detection are the most common areas cybersecurity policies cover. Phishing attacks are the cybersecurity attack large companies most commonly experience: 57% of IT decision-makers said their company experienced a phishing attack in the past year.
Over 80% of IT decision-makers surveyed say they proactively communicate their company’s cybersecurity policy, policy compliance, and training to employees. However, only two-thirds (66%) of these decision-makers enforce their company’s cybersecurity policy.
Experts contribute the drop-off in enforcement to the struggle companies face when balancing policy adherence with employee concerns. This suggests that some employees’ work experience may be affected by a strict employer’s cybersecurity enforcement policy.
“If someone violates the policy and they’re immediately terminated, it negatively impacts morale within the company,” said Tom DeSot, CIO of Digital Defense, Inc., a cybersecurity company based in San Antonio, TX. DeSot adds that employees may be less engaged in their company’s culture and fear for their jobs because they are concerned that violating cybersecurity policy may lead to being terminated.
Experts recommend regular communication to employees about cybersecurity policy(s) so employees are aware of expectations and consequences of noncompliance but don’t feel they are being micromanaged regarding security precautions.
IT decision-makers think the best way to improve their companies’ cybersecurity policies is to invest in technology. In support of that position, 71% say their company will invest more in cybersecurity resources and technology over the next year.