Employees across EMEA region are displaying signs of ‘security fatigue', along with lax attitudes towards cybersecurity, according to a study by Aruba.
The survey of 2,650 employees across EMEA found that most workers don't think very much about cybersecurity, aren't concerned about the legal ramifications of a security breach, and don't think cybersecurity is their responsibility.
Compared to workers in the US and Asia, EMEA employees, including those in the UAE, have the worst cybersecurity discipline, which could be due to too many corporate security awareness messages without sufficient technical support.
Morten Illum, VP EMEA at Aruba, commented: "Employees in EMEA have been inundated with security messaging through their organizations, as well as the media. Clearly giving further warnings and adding procedures isn't having the desired effect. If employees understand the risks, but aren't acting on it, the answer is not to provide yet more training, but to bring in enhanced technology that can provide the assistance and the protection workers need to do their jobs."
The survey questioned 7,000 workers across large and small organisations, in public and private sector, in EMEA region as well as the US, Mexico and Brazil, India, China, Japan, Singapore, South Korea and Australia.
Over half (55%) of EMEA employees are not regularly thinking about cyber security, with nearly a fifth (17%) not thinking about it at all. In contrast, global counterparts in Asia and the Americas think about cybersecurity on a far more regular basis (61% and 51% respectively think about it often or daily).
EMEA employees were more aware of the dangers of a security breach. When asked, 42% understood that data loss brought legal ramifications, higher than both the Americas (36%) and Asia (27%). However, the study shows despite this, a quarter (26%) still don't believe cybersecurity is important to them. Combined with the fact that the use of security software is lower in EMEA (48%) than other regions, there are clear signs that security warnings are not being acknowledged by the workforce.
Over a third (36%) of employees in EMEA don't believe cyber security is their problem, with many thinking it's for the leadership team (10%) or the IT team (26%) to manage.
This lack of interest in cybersecurity can in part be addressed by use of autonomous technology in security, which is increasingly becoming an essential part of enabling mobile, remote and shared workspace employees without burdening them with IT and security hurdles.
Gartner has recommended a Continuous Adaptive Risk and Trust Assessment (CARTA) approach to security which leans heavily on AI, Analytics and Automation to embrace the opportunities and manage the risks of digital business. This leads to a more productive and more motivated employee, with a greater sense of job satisfaction.