A new study has revealed that workers across Europe understand security risks and consequences, but are taking less action than global counterparts.
Despite being fully aware of security risks following the introduction of high-profile legislation like GDPR, European workers have the worst cybersecurity discipline in the world and displaying signs of ‘security fatigue’, according to a study by Aruba, a Hewlett Packard Enterprise Company.
Conducted to understand how the digital workplace is impacting businesses, the study of 2,650 European employees brought to light key security based trends:
Cybersecurity is an afterthought
Over half (55%) of European employees are not regularly thinking about cybersecurity, with nearly a fifth (17%) not thinking about it at all. In contrast, global counterparts in Asia and the Americas think about cybersecurity on a far more regular basis (61% and 51% respectively think about it often or daily).
Legislation isn’t a deterrent
European employees were more aware of the dangers of a security breach. When asked, 42% understood that data loss brought legal ramifications, higher than both the Americas (36%) and Asia (27%). However, the study shows despite this, a quarter (26%) still don’t believe cybersecurity is important to them. Combined with the fact that the use of security software is lower in Europe (48%) than other regions, there are clear signs that security warnings are not being acknowledged by the workforce.
Lack of responsibility
Europe may simply be assuming less responsibility for IT security than those in other regions. Over a third (36%) of European employees don’t believe cybersecurity is their problem, with many thinking it’s for the leadership team (10%) or the IT team (26%) to manage.
According to Morten Illum, VP EMEA at Aruba, this attitude could be due to ‘security fatigue’ brought on by over-exposure to security rules with little technical assistance.
He said, “Employees in Europe have been inundated with security messaging through their organisations, as well as the media. Clearly giving further warnings and adding procedures isn’t having the desired effect. If employees understand the risks, but aren’t acting on it, the answer is not to provide yet more training, but to bring in enhanced technology that can provide the assistance and the protection workers need to do their jobs.”
How do European countries compare?
- UK employees are the most concerned about data security: 53% of UK employees surveyed believe cybersecurity to be extremely important. Greater than France and Germany at 45% and 39% respectively.
- French employees don’t grasp the legal dangers of a breach: Only a fifth (20%) of French employees understand the legal ramifications of a data breach, compared to half (50%) of UK employees.
- Spanish employees don’t see cybersecurity as relevant: Almost half (41%) of Spanish employees think cybersecurity isn’t important for a working environment.
- Cybersecurity not up to par in the Netherlands – Employees in the Netherlands have the lowest opinion of their cybersecurity at work; 50% regard it as ‘fair’, ‘poor’ or ‘very poor’
A CARTA approach to security
An autonomous approach to security is increasingly becoming more of an imperative as mobile and remote working is becoming the norm. In Europe, the amount of employees working in remote or shared locations is now at 53%, according to Aruba’s study.
This new paradigm creates the need for smart digital workplaces that deliver secure and reliable, optimised and personalised experiences that will foster employee creativity, collaboration, and speed, without clunky security systems causing barriers.
To succeed, Gartner has recommended a Continuous Adaptive Risk and Trust Assessment (CARTA) approach to security which leans heavily on AI, analytics and automation to embrace the opportunities and manage the risks of digital business. This leads to a more productive and more motivated employee, with a greater sense of job satisfaction.
A total of 7,000 employees were interviewed in April and May 2018. The respondents were from organisations of all sizes, across both public and private sectors, with a focus on the industrial, government, retail, healthcare, education, finance and IT/technology/communications sectors.
Interviews were conducted both online and via telephone using a rigorous multi-level screening process to ensure that only suitable candidates were given the opportunity to participate.
Respondents were interviewed in the United Kingdom, Germany, France, the Netherlands, Spain, United Arab Emirates, the United States, Singapore, Japan, Australia, India, Brazil, Mexico, China and South Korea.