Study: Employees may not report cybersecurity incidents
July 25, 2017 by Canadian Security Staff
Jul. 25, 2017 – Employees may be hiding IT security incidents from their bosses to avoid punishment, according to a recent report from Kaspersky Lab and B2B International.
The report, called Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within, suggests that such behaviour occurs in 40 per cent of businesses.
Employees hide cybersecurity incidents in 45 per cent of enterprises (over 1,000 employees), 42 per cent of SMBs (50 to 999 employees) and only 29 per cent of VSBs (under 49 employees).
The report also indicates that carelessness and lack of knowledge are a leading cause of potential cybersecurity incidents, second only to malware.
“The problem of hiding incidents should be communicated not only to employees, but also to top management and HR departments,” said Slava Borilin, security education program manager at Kaspersky Lab. “If employees are hiding incidents, there must be a reason why. In some cases, companies introduce strict, but unclear policies and put too much pressure on staff, warning them not to do this or that, or they will be held responsible if something goes wrong. Such policies foster fears, and leave employees with only one option — to avoid punishment whatever it takes. If your cybersecurity culture is positive, based on an educational approach instead of a restrictive one, from the top down, the results will be obvious.”
Additional information and the full report are available on the Kaspersky Lab blog.