Fujitsu study shows corporate security fails to keep pace in the new normal

Sydney, April 19, 2021 - Fujitsu has released a new study that shows organisations may have accidentally created a workplace culture where employees are now more reluctant to report cybersecurity issues for fear of recrimination.

Findings from the Building a Cyber Smart Culture study suggest many employees working remotely feel more isolated than ever and less able to ask a workmate for casual advice around cybersecurity issues. The study showed 48 per cent of non-technical employees were reluctant to report any potential threats for fear of possible recrimination, leaving organisations exposed to cyberattack. The study is based on a survey of 331 senior executives from 14 countries and five broad industry groups: financial services; retail; manufacturing (including automotive); energy (including utilities); and government.¹

Key findings of the study included:

• 54 per cent of organisations were unable to ensure that security policies had kept pace with significant changes.
• 45 per cent of respondents believed cybersecurity had nothing to do with them.
• 60 per cent said all employees in their company received the same cybersecurity training, despite significant differences in roles and security issues they face. Of the businesses that provide role-based training, 61 per cent found it ineffective, citing factors such as the training being too boring (35 per cent), too technical (35 per cent), or too long (32 per cent).
• 69 per cent of respondents thought cybersecurity training was most effective when it involved games, rewards, or quizzes to improve security awareness or behaviour.

Martin Holzworth, Head of Portfolio, Cybersecurity, Fujitsu Oceania, said, “For many organisations, cybersecurity was forced into the back seat in the race to enable remote working at the start of the COVID-19 pandemic. In too many cases, these makeshift, temporary arrangements are still in place. This means organisational cyberattack surfaces have increased; however, employees are reluctant to report potential incidents. An integrated approach is needed to implement cultural change that focuses on cybersecurity.

“The most common security breaches occur when employees click on email links or open attachments that deploy malware or collect sensitive information in phishing attacks. Addressing this weakness with the right corporate culture and knowledge sharing is the cheapest and most effective cybersecurity measure that a company can take.

“Organisations need to empower and engage employees on an individual basis to ensure they are aware of potential security risks. They need to introduce a culture where everyone’s job contributes to the company’s overall security posture. However, it must be supported by the CEO and heads of departments. If cybersecurity is not owned at the top, it is not owned by the organisation. Investment in creating the right culture, educating employees, and building trust makes organisations genuinely resilient to modern cyberthreats.”

Fujitsu’s advanced security solutions help businesses and public sector organisations minimise disruption and maintain business continuity by strengthening their security strategy and operations. Fujitsu’s intelligence-led solutions are supported by an integrated and collaborative approach to cybersecurity challenges. This lets Fujitsu’s customers adopt a security model that protects the organisation without hindering business growth.

• ¹The global survey was conducted in September 2020 by Longitude / Financial Times on behalf of Fujitsu.
  

All company or product names mentioned herein are trademarks or registered trademarks of their respective owners. Information provided in this press release is accurate at time of publication and is subject to change without advance notice.