RESPONSIBLE SECURITY BEHAVIOR: The enterprise employees surveyed appear to have a stronger level of understanding when we shift the conversation to responsible security behavior. More than 2/3 named habits such as using an encrypted file system, storing files on a secure server, and regularly changing passwords as such. Upwards of 80% view updating AV software and shredding confidential documents as important when it comes to keeping their organization safe. What then also comes into focus is a significant — and somewhat startling — gap in putting this awareness into practice. With just one exception (the changing of work passwords), less than half of respondents who deemed a security behavior important were able to confirm engaging in that same behavior in the previous 60 days. Less than 20% confirmed moving files to secure servers, using an encrypted file system, or reporting suspicious behavior in that same timeframe.









47% of employees believe that cyber and data security are someone else’s responsibility

85% of employees say it’s important to update anti-virus software regularly, only 37% confirmed doing so within a 60-day period

83% of employees say it’s important to shred confidential documents after use, only 41% confirmed doing so

75% of employees say it’s important to use an encrypted file system, only 16% confirmed doing so

71% say it’s important to change account passwords, only 42% confirmed doing so

70% percent say it’s important to report suspicious behaviors, only 4% confirmed doing so

69% say it’s important to use two-factor authentication, only 30 percent confirmed doing so

68% say it’s important to move files to secure servers, only 14% confirmed doing so

“The results of this survey show that employees are becoming increasingly educated on how to help defend their workplaces against cyberattacks and data breaches. It also shows that most employees don’t feel responsible for helping their employers to reduce risk,” said Mohan Koo, Dtex co-founder and CTO. “Organizations must provide employees with more proactive and engaging security awareness and training opportunities that take advantage of ‘teachable moments’ as they happen. This is the only way to truly shift culture in an ongoing manner. To identify these moments, organizations must utilize technologies that provide real-time visibility over how employees are behaving and accessing and sharing data, while on and off networks.”

Methodology

Dtex, in partnership with market research firm YouGov, surveyed more than 1,000 public and private sector employees based in the US. The findings in this report represent the data collected from a subset of survey respondents — 755 full-time enterprise (non-government) employees.

