More than 90% of large U.S. companies with over 500 employees have a cyber security policy in place to protect them from both real and anticipated threats, according to a new survey from Clutch, a B2B ratings and reviews firm.
Clutch surveyed over 300 corporate IT decision-makers about what to include in a cyber security policy and found that security software, data backup and storage, and scam detection are the most common areas policies cover.
Phishing is the cyber security attack large companies most commonly experience: 57% of IT decision-makers said their company experienced a phishing attack in the past year.
Over 80% of IT decision-makers surveyed say they proactively communicate their company’s cyber security policy, policy compliance, and training to employees. However, only two-thirds (66%) of these decision-makers enforce these policies.
Experts attribute the drop-off in enforcement to the struggle companies face when balancing policy adherence with employee concerns. This suggests that some employees’ work experience may be affected by an employer’s strict enforcement of the policy.
“If someone violates the policy and they’re immediately terminated, it negatively impacts morale within the company,” said Tom DeSot, CIO of Digital Defense, Inc., a cyber security company based in San Antonio, TX. DeSot adds that employees may be less engaged in their company’s culture and fear for their jobs because they are concerned that violating policy may lead to being terminated.
Experts recommend regular communication to employees about cyber security policies so they are aware of expectations and consequences of noncompliance, but don’t feel they are being micromanaged regarding security precautions.
IT decision-makers think the best way to improve their companies’ cyber security policies is to invest in technology. In support of that position, 71% say their company will invest more in resources and technology over the next year.
The full report is available online.