IT security is fully effective when it is also supported by the workforce
For effective IT security, it is essential that employees in the company are able to work well with the measures and guidelines that have been put in place and comply with them. These include, for example, security solutions and password requirements. Almost 67 percent of employees rate their own handling of these as good or very good. This is one of the findings of the representative study “Cybersicherheit in Zahlen” G DATA CyberDefense, Statista, and brand eins. This shows that planning IT security measures and guidelines is not just about comprehensively securing systems. It is clear that these measures must also be practicable for the workforce in their everyday work.
To ensure IT security in companies, IT managers rely on a mix of measures (including solutions and services) and guidelines, for example for handling company-owned computers. However, it is not enough to simply purchase and implement these. Employees must be involved so that they understand and support the regulations, such as the mandatory use of multi-factor authentication. This is the case in the majority of German companies, as evidenced by G DATA's “Cybersicherheit in Zahlen”. Nearly half of those surveyed are comfortable with the situation, and just under 20 percent are very comfortable. Only seven percent feel left behind. A quarter of employees find it only partially manageable. For companies, this result means that a high proportion of the workforce is confident in dealing with IT security issues. Nevertheless, they must remain vigilant to ensure that all employees support the IT security concept and thus contribute to corporate security.
“IT security measures are only truly effective if employees understand them and apply them correctly in their everyday work”, says Andreas Lüning, co-founder and CEO of G DATA CyberDefense AG.
“As soon as guidelines are unclear or unnecessarily complex, shortcuts are taken in practice—rules are circumvented or implemented incorrectly. Attackers are aware of this and exploit it deliberately.”Greatest need for improvement in public services and health & social servicesA look at the various sectors shows that employees of telecommunications and IT companies are the most confident when it comes to security policies and measures. In contrast, the highest proportion of employees with deficits can be found in administration and the health and social services sector.
Positive view of IT security guidelines Most respondents consider IT security regulations to be fundamentally sensible. However, almost 37 percent of the workforce also states that compliance costs time in everyday life. In contrast, 35 percent not only feel secure, but also feel that their workload is reduced. Less than one in ten (8 percent) find the necessary guidelines cumbersome and limiting to productivity.
IT security guidelines are necessary to strengthen cyber defense. They have an impact on the daily work of employees, for example, through the possible requirement to use a password manager or the need to lock the computer when leaving the workplace. IT managers have a responsibility here to develop sensible and practical rules that ensure greater IT security without limiting productivity.
“Cybersicherheit in Zahlen” available for download“Cybersicherheit in Zahlen” has been published for the fifth time and is characterized by a high density of information and particular methodological depth: More than 5,000 employees in Germany were surveyed as part of a representative online study on cybersecurity in a professional and private context. The experts at Statista closely monitored the survey and, thanks to a sample size that far exceeds the industry standard, are able to present reliable and valid market research results in the magazine “Cybersicherheit in Zahlen”. In addition, the market researchers have compiled figures, data, and facts from more than 300 statistics into a comprehensive reference work on IT security.
Here you can donwload “Cybersicherheit in Zahlen”.