Over 90% of large US companies with 500+ employees have a cybersecurity policy in place to protect them from both real and anticipated threats.
Clutch surveyed over 300 corporate IT decision-makers about what to include in a cybersecurity policy and found that security software, data backup and storage, and scam detection are the most common areas that cybersecurity policies cover.
Phishing attacks are the most commonly experienced cybersecurity attack among large companies; 57 percent of IT decision-makers surveyed said their company experienced one in the past year.
Over 80% of IT decision-makers surveyed say they proactively communicate to their employees about their cybersecurity policy, policy compliance, and training when introducing and implementing their policy. However, only two-thirds of these decision-makers enforce their company’s cybersecurity policy.
Experts attribute the drop-off in enforcement to the struggle companies face when balancing policy adherence with employee concerns. This suggests that some employees’ work experience may be affected by how strictly an employer’s cybersecurity policy is enforced.
“If someone violates the policy and they’re immediately terminated, it negatively impacts morale within the company,” said Tom DeSot, CEO of Digital Defense.
DeSot adds that employees may be less engaged in their company’s culture and fear for their jobs because they are concerned that violating cybersecurity policy may lead to being terminated.
Experts recommend regular communication to employees about cybersecurity policies so they are aware of the expectations and the consequences of noncompliance but don’t feel they are being micromanaged regarding security precautions.
IT decision-makers think the best way to improve their companies’ cybersecurity policies is to invest in technology. In support of that position, 71% say their company will invest more in cybersecurity resources and technologies over the next year.