New research by leading information security company Clearswift shows how attitudes to cyber security have changed in the boardroom and among staff in the wake of the recent WannaCry attack, surveying 600 business decision makers and 1,200 employees across the UK, US, Germany and Australia.
Within a day the WannaCry attack, which affected major organisations including the National Health Service (NHS), was reported to have infected more than 230,000 computers in over 150 countries, once again bringing the issue of cyber security into focus for business and consumers alike.
The scale of the WannaCry attack was evidenced none more so than the sheer awareness amongst the general public, with more than three quarters (77%) of people surveyed having knowledge of the attack, with the number even higher (88%) in the UK.
With 58% of firms in the UK expecting another attack over the next few months, it is clear that the attack has sent ripples through the industry and brought cyber security front of mind for both employees and businesses. Following the events, 29% of UK businesses will now add cyber security to the boardroom agenda and 29% of firms worldwide have pledged to implement stronger cyber security measures.
With 80% of UK employees increasingly worried about how companies hold their data and an identical number (80%) worldwide sharing those concerns it’s no surprise that 38% of employees that were aware of the attack worldwide are now reading more about cyber security in the aftermath of the events. Additionally, 33% have changed their passwords, formally enrolled in courses (24%), or are taking steps to ensure their companies raise their game in cyber security (26%).
Dr. Guy Bunker, SVP Products at Clearswift Said: “UK employees are worried about the practices of the custodians of their data, however the gulf between front line security professionals and Board members may at last be bridging, with close to a third (29%) now recognising cyber security has a place at the boardroom table.
“Organisations need to answer the clarion call we are hearing from employees to learn from these events and start to raise their game and update their policies, procedures and technology to mitigate against future attacks as well as preparing for the introduction of new data regulations that are on the horizon.”
Those in the public sector took a slightly more relaxed attitude to how their data is held with more than a quarter (28%) not being worried by the attacks compared to 17% in the private sector.
With one of the UK’s most well-known organisations, the National Health Service (NHS) being front and centre of the attack it may be surprising to learn that UK employees who were aware of the WannaCry attack, were less likely than those in the USA, Australia and Germany to change their passwords, read more about cyber security or even ask their company for advice. The US (49%) proved most likely to action change, followed by Australia (43%), Germany (37%) and then the UK (35%)
The future may be brighter however as more than half (55%) of those aged 18-24 that were aware of the WannaCry attack, have taken the initiative to read more about cyber security with 29% enrolling in courses or certifications.
Dr Bunker added, “An educated workforce that is well briefed on policies and procedures will go some way in limiting the effects of a breach, however Boards need to take a proactive stance on this. Having the latest security technology enables organisations to stop attacks at the boundary, before they enter a network, by removing the source of an attack from documents and attachments shared into an organisation.”