How Large Companies Tackle Cyber-Security

How Large Companies Tackle Cyber-Security

How Large Companies Tackle Cyber-SecurityHow Large Companies Tackle Cyber-Security

Most large companies have cyber-security policies in place and focus on informing and training employees on security issues rather than enforcing policies.

Ubiquitous Cyber-Security PoliciesUbiquitous Cyber-Security Policies

94% of large American businesses have a cyber-security policy in place. Of these, 87% created the policy at least three years ago.

Elements of a Cyber-Security PolicyElements of a Cyber-Security Policy

Required security software: 84%,
How to back up data: 81%,
How to detect scams: 79%,
How to report security incidents: 78%,
Requirements for regularly updating computers: 75%

Communication and ComplianceCommunication and Compliance

Communicate policies clearly to all employees: 85%,
Monitor policy compliance: 79%,
Train employees to follow policies: 77%,
Enforce consequences for not following policies: 66%

Addressing the Threat LandscapeAddressing the Threat Landscape

Companies that focus on communication, compliance and training are addressing the evolving cyber-security threat and the internal risk employees pose.

Evolving Cyber-ThreatsEvolving Cyber-Threats

Cyber-threats evolve with the introduction of new technologies, so the most effective way to combat perennial cyber-threats is to continually update and effectively communicate policies.

Employees Are a Security LiabilityEmployees Are a Security Liability

Employees are a major security threat to every company. Their use of personal mobile devices and remote work are just two factors that put their company at risk.

The Threat of Remote WorkThe Threat of Remote Work

89% of the companies surveyed allow employees to work remotely, and 74% also allow them to use personal devices for work.

Gamifying Policy ComplianceGamifying Policy Compliance

To promote employees’ understanding of a company’s cyber-security policy, consider making a game based on testing how well employees follow that policy. For example, send out a phony phishing scam email and see how many employees comply with company policy.

Balance Enforcement With ConcernsBalance Enforcement With Concerns

Companies should balance employee concerns with enforcing the consequences of violating cyber-security policies. 47% of respondents said their company’s cyber-security policy is strict, but 52% characterized it as moderate.

Resenting Resenting “Big Brother”

A company’s security policy must have teeth, but employees’ morale can suffer if they feel watched, so strike a balance that enables employees to do their job safely without fearing company oversight.

Benefits of Cyber-Security InvestmentsBenefits of Cyber-Security Investments

Protection from external threats: 35%,
Fewer internal activities that put the company at risk: 26%,
Compliance with industry, federal or international regulations: 21%,
Peace of mind, preparedness if there is a cyber-security incident: 16%, Other: 2%

Karen A. Frenkel
Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.

Latest Articles