97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to CybSafe.
The study examining attitudes towards cybersecurity teams within organizations has uncovered that despite minor issues around communication and processes, there are high levels of trust and appreciation amongst employees. It indicates how cybersecurity teams and professionals are increasingly viewed as a vital strategic function enabling both individuals and business success.
The survey found an overwhelming majority see their cybersecurity team as a necessary and helpful function, with 86% characterizing the team as necessary and 72% calling it a vital company operation.
This trust also translates into security behaviors. When receiving communications from cybersecurity teams, 52% of respondents said they read emails immediately. A further 36% read emails within a day, showing focused attention to security updates for the vast majority of employees.
Positive impact of security teams on business goals
When it comes to the impact of security teams on business success, 74% believe security teams enable business goals as well as personal work objectives (77%), with just 7% of respondents stating their cybersecurity team has had an overall negative impact on their working experience.
While responses towards cybersecurity teams are largely positive, the research also reveals some concerns from respondents. For example, 38% have, on occasion, felt obstructed from doing their job efficiently due to security measures. Additionally, 24% felt the team had hindered personal progress at work.
25% found the cyber team intrusive, and nearly a third are unfamiliar with their roles and responsibilities, indicating issues with visibility. Finally, 45% believe regular employees need more mandatory cyber training, suggesting an opportunity for teams to build understanding and trust further through education.
As the number and complexity of cyberattacks continue to rise, businesses are making concerted efforts to increase cybersecurity visibility for all employees. Interestingly, the research suggests that while, ultimately, security teams are responsible for the maintenance of a positive security culture, workers feel a sense of responsibility for protecting their employer’s data. In total, 82% believe everyone in an organization shares responsibility for protection, not just security teams alone.
High levels of trust in cybersecurity teams
Cybersecurity teams also enjoy high levels of trust, with 97% expressing faith in their ability to prevent or minimize cyberattack damage. 85% believe their company invests enough in cyber defenses given current threat levels.
Of respondents who contacted their cybersecurity team for guidance, 88% were satisfied with the response. Just 5% were dissatisfied.
“We hear a lot of negativity regarding the uphill battle faced by many cybersecurity teams, especially those protecting sensitive data. Despite this, however, this research displays that professionals have a high level of confidence in the capabilities and actions of security professionals,” said Oz Alashe MBE, CEO of CybSafe.
“Cybersecurity and data protection is a collective effort, but ultimately, it is the role of the cybersecurity team to guide, inform and bolster this endeavor. By increasing visibility, improving communication channels and listening to their peers’ feedback, CISOs and their teams can reach out to those individuals struggling to engage with their message and continue improving their organization’s cyber resilience from the ground u,” added Alashe MBE.
“This does make it a pleasant surprise that users who reported were overwhelmingly satisfied with the response from the cybersecurity team. The implication is that cybersecurity teams are becoming more customer service focused and understanding of the needs of users,” said Ira Winkler, CISO and VP, CYE.
“While cybersecurity friction does have a bad connotation, the reality is that it can be useful and necessary. While you don’t necessarily want to make business processes difficult, you do want to make sure that it is not easy to do the wrong things. At the same time, users and the company as a whole should understand that cybersecurity embedded in business practices enables organizations to do things they otherwise would not be able to do. For example, cloud based applications would not be possible unless data could be secured across the internet and users could authenticate themselves properly,” concluded Winkler.