Is EMEA suffering from 'security fatigue'?

Research reveals that over half of employees in EMEA don’t regularly think about cybersecurity.

Although workers in EMEA understand security risks and consequences, they are taking less action than their global counterparts. This is according to a recent report by networking solutions provider Aruba, which highlighted that staff in EMEA consider cybersecurity as an afterthought and don't worry about legislative compliance compared with other regions.

Surveying more than 2,500 employees across EMEA, Aruba found that over half (55 per cent) didn't regularly think about cybersecurity, and nearly a fifth (17 per cent) didn't think about it at all. This is very different from workers in Asia and the Americas, who Aruba says think about cybersecurity often or daily (61 per cent and 51 per cent respectively).

The company believes EMEA workers' lack of action could be down to ‘security fatigue', brought on by over-exposure to security rules with little technical assistance.

"Security fatigue is a state of exhaustion that sets in among workers who are constantly presented with new security messaging, tools and procedures, along with constant media coverage of breaches and threats by the media," says Gamal Emara, Country Manager - UAE at Aruba.

"Inundated with this information, it's easy to see how workers could think that it's impossible to avoid a breach and would pay less attention to security checks that ultimately slow down their working day. As the influx of data from mobile, cloud and IoT devices continues to flood the network, security teams find it almost impossible to keep on top of all of the data that they need to secure, which adds to the problem," he notes.

Until recently, security wasn't something employees really had to give much thought to. Less than a decade ago it wouldn't have been on their radar at all, but now security has become everyone's problem - including that of each individual within an organization. Outside of their comfort zone and not sure where to start, employees resent that they've become responsible for security.

"There's also an unsettling feeling of fluidity due to fast-paced changes in the cybersecurity landscape," points out Bridget Kenyon, Global Chief Information Security Officer at Thales eSecurity. "As soon as employees think they are up to date with risks and what to do, something changes and what they are doing is no longer good enough. With this constantly changing advice on how to approach security, employees feel as if they are facing a never-ending uphill struggle; this is causing them to give up and stop trying. It's like being given lots of homework, finishing it all, and as a prize getting more homework."

To continue reading this article register now