New research from CybSafe has shed light on an alarming trend in today’s workplaces. Digital overload and multiple new communication channels are not only reducing productivity but are leading to a decline in engagement with cybersecurity training. As a result, people are increasingly ignoring cybersecurity notifications and are more likely to display risky cybersecurity behaviours like clicking on phishing emails or ignoring notifications to turn on Multi-Factor Authentication (MFA).
More than half (54%) of today’s office workers are ignoring important cybersecurity alerts and warnings due to information overload from digital communication. 47% admitted to feeling the information overload is having an impact on their ability to identify threats such as suspicious emails.
With 72% confirming they feel at least occasionally overwhelmed with the amount of information and communications they get at work, it’s little wonder cybersecurity engagement is being impacted as a result. Today's workers are frequently interrupted by the buzz of notifications, reminders, and messages on various platforms.
The new research is released as ICO data indicates a 41% year-on-year increase in data security incidents reported to the body between Q2 2022 and Q2 2023. Cyber incidents (a type of breach with a clear online or technological element which involves a third party with malicious intent.) saw a significant 157% increase over the same period, with ransomware and malware events seeing particularly prominent increases of 241 and 550%, respectively.
As cyber threats evolve and increase in complexity, the implications of these trends are concerning. Risks range from individual data compromises to significant business data theft.
Worryingly, the survey of 1000 office workers uncovered important cybersecurity warnings are going unnoticed. The digital deluge is affecting employees’ ability to spot cyber dangers. 41% feel information overload is impacting their ability to retain and apply knowledge gained from cybersecurity training sessions - a fact being displayed by people’s self-reported security behaviours.
Daily habits show a slip in safe actions and higher engagement in risky behaviour.
36% admit to occasionally cutting corners on cybersecurity practices
7% admitted they often skip steps like using safe networks or setting strong passwords, all in the name of saving time
Less than 1 in 4 employees - 23% - report being engaged with their cybersecurity training. And 41% say there's just too much information to remember and use. This shows that companies need to stop and consider better ways to help employees change their behaviour and engage with cybersecurity. If the end goal of an organisation’s cybersecurity programme is culture change, access to training in itself is not evidence the training is being consumed or internalised within the workforce. There is more work to be done on how and where leaders are communicating cybersecurity best practices to their workforce.
The survey lays bare the obstacles hindering cybersecurity training. The top barriers:
Time constraints (42%)
Interest and motivation (30%)
Complexity of training materials (15%)
No direct relevance to daily roles (10%)
The research also found 77% of people expect their digital experiences to be as frictionless and personalised as consumer experiences. This suggests leaders need to do more if they want to see stellar cybersecurity engagement within their workforce.
Oz Alashe MBE, CEO of CybSafe, reacted to the research, stating, "As time goes on, organisations understand the question ‘do our people have access to cybersecurity information?’ is the wrong one. Instead, many are now asking, ‘How do we give cybersecurity support in a way that will engage workers and lead to genuine behavioural change?’
“We must empathise with the workforce of today. Employees are caught in an erratic stream of emails with varying levels of importance and instant messages on multiple platforms, not to mention social media-it isn’t surprising cybersecurity information is getting lost along the way. Importantly, however, this inconsistency isn't merely inconvenient or irritating— it's actively undermining the goal of informed cybersecurity behaviour. This is the issue we now need to tackle as security professionals.”
“As a result, CISOs need to consider not only the material their people are consuming but on what platform it is being delivered to them and in what way.”