A recent report from Kaspersky has revealed that while most organisations regularly face employee data leakage, almost half of those organisations prefer not to disclose these incidents publicly. According to the Kaspersky Employee Wellbeing 2021 report, about 45 per cent of organisations do not reveal publicly if there has been a data breach. On the other hand, the report mentions that employees also lack basic cybersecurity knowledge and may not know how to protect themselves from data breaches since only 44 per cent of businesses offer IT security training to their staff.
The cybersecurity company pointed out technology can help prevent cyberattacks but 85 per cent of all the incidents occur due to human factors. And due to this, it is important to have employees across levels coming together to learn about cybersecurity.
Kaspersky pointed out that while high-profile data breaches are mainly associated with stealing customer information, stealing personal employee data is also quite popular with cybercriminals.
“In 2021, more than a third (35 per cent) of organisations weren’t able to provide complete security of their workers’ data and faced incidents involving this type of information. According to the survey, it is surpassed only by customers’ personally identifiable data (43 per cent),” the company said.
And since at least 45 per cent of the organisations that have been affected by a personal data breach did not disclose it publicly, the problem is clearly “bigger than it seems”.
“As for the rest, 43 per cent have shared information about an incident proactively and 12 per cent did so after it has been leaked to the media. This shows that this type of leak is the least frequently disclosed, compared to corporate or customer data breaches,” the report said.
“When an organisation faces a cyber-incident, correct crisis communications are no less important than response and recovery actions. There are ever-present risks of data breaches, and businesses should acknowledge that proactive disclosure is preferable to an exposé in the press,” said Evgeniya Naumova, Executive Vice President, Corporate Business, at Kaspersky.
“Appropriate, accurate, and timely communications, however, not only minimize the potential reputational damage but can also greatly mitigate direct financial losses,” she added.
The fact that employees lack knowledge regarding cybersecurity incidents is what makes these breaches worse. According to the report, “only 44 per cent of organisations have already implemented security education and training to ensure that employees are provided with crucial information and “more than a half (64 per cent) of those companies have experienced at least one issue relating to the quality of these services”, which include “dissatisfaction with the high complexity of courses and a lack of support or expertise on the part of the training provider”.
As the company pointed out, those who have not been trained cannot be expected to follow the rules. “Companies regularly face informational security infringements (41 per cent), inappropriate IT resource use (42 per cent), and improper sharing of data via mobile devices (38 per cent),” the report stated.
Copyright©2022 Living Media India Limited. For reprint rights: Syndications Today