Office staff think they’re in safe hands with cyber security teams, but communication could be better

Cyber security practitioners observing a colleagues screen in an office environment
(Image credit: Getty Images)

The vast majority of office workers think cyber security teams can be trusted to do a good job - but a quarter reckon they're secretive and out of sight. 

According to research from risk management platform supplier CybSafe, workers appreciate the importance of the cyber security team, with 86% seeing it as a ‘necessary function’, and 88% taking time to read security advisory bulletins in their daily routine.

Meanwhile, 97% say that - at least moderately - they trust their cyber security team’s ability to prevent or minimize damage from cyber attacks.

However, despite the prevailing sense of trust, security teams weren’t found to be universally popular. Around one-quarter of workers found security practitioners to be “secretive” and “out of sight”, with a similar number adding that they’ve found them to be slowing progress on at least one occasion.

Similarly, one-quarter said security teams have been a hindrance to personal objectives at work, and intrusive.

Only 12% said their cyber security team was visible and easy to contact - which may in part be due to the prevalence of home working these days.

Nearly eight-in-ten people said they work remotely at least part of the time and, of these, around one-third report having little to no familiarity with the cyber security professionals protecting their systems.

"With dispersed teams, old security protocols can feel restrictive rather than protective for many employees today,” said Jason Nurse, CybSafe science and research leader. "We need human-centric awareness built on mutual understanding for safety that feels like support."

Reassuringly, more than eight-in-ten workers agree that all employees share responsibility for cyber security.

"The research makes clear that most workers feel a sense of personal responsibility for protecting their organization’s data," Nurse said. 

"It’s up to the cyber security team to build on this goodwill, creating an environment where mistakes aren’t punished but expected, and one little click doesn’t destroy a network due to a culture encouraging fear of reprisal."

How can cyber security teams improve?

CybSafe's research revealed how staff think that cyber security teams could up their game. 

More than one-third cited a lack of cyber security education and training as a top pain point for them; and four-in-ten said they'd like their security advice to be based on real-life examples, without overly technical details or gamified training modules.

Many employees said they want to know the signs to look out for in their daily work, the types of attacks that are most likely and require most attention, and the reporting process to get issues resolved swiftly.


This CEO's guide from IBM shares how generative AI can fortify your business security

(Image credit: IBM)

Discover how you can fortify your business defenses with generative AI


"While you don’t necessarily want to make business processes difficult, you do want to make sure that it is not easy to do the wrong things,” said CybSafe CISO and Vice president Ira Winkler.

“At the same time, users and the company as a whole should understand that cyber security embedded in business practices enables organizations to do things they otherwise would not be able to do.

"For example, cloud based applications would not be possible unless data could be secured across the internet and users could authenticate themselves properly."

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.