If you know me, then you know my stance on security already, but there are some new studies with statistics that are downright scary and we need to carefully consider what we are teaching our workforce.

First, let’s back up. We already know there is increased security risk due to remote work. Employers at 66% of companies took work devices home during the COVID-19 pandemic. Now we are seeing that roughly 71% of businesses do not have a plan to deal with potential cyberattacks, and in the last year, small-to-medium size enterprises actually decreased their IT security by an average of $4.9 million.

Specopssoft’s survey shows that 31% of SMEs (small-to-medium enterprises) believe that bigger businesses are more at risk from threats than smaller ones. That is a myth. Every business is at equal risk. Here is where the numbers get a bit dicey. 42% believe they are prepared for any potential attack, yet 71% say they do not have a formal plan in place. I am not quite sure how that adds up. I did, however, mention on The Peggy Smedley Show that it’s interesting that we have a password management and authentication solutions company based in Sweden, which does have offices in the States, asking these questions. But here’s my question: why aren’t more security companies asking these questions and doing the tough work to help companies fend off the bad guys? We know we have a problem. And here’s why.

And if I am reading between the lines in some other recent research, I think there is a bit of a tug of war happening here between employers and employees over who is responsible for ensuring a company’s data is secure. Perhaps the question then becomes, who is responsible: employees or employers?

Let’s start with the employee. If we dig into the numbers, according to Visual Objects, more than one-third of full-time employees at companies in the United States admitted to not practicing basic cybersecurity protocols during COVID-19. Another study found that roughly 63% of full-time U.S. employees have reused passwords on work accounts and devices.

The biggest culprit here might not come as a big surprise: the data shows Millennial workers are 6.5 times more likely to always reuse work passwords than Baby Boomers, who have safer password practices.

However, employees are fighting back, with roughly 91% of workers saying companies are at least slightly responsible for cybersecurity, and this is where things get a bit murky. Many of these workers say their companies aren’t requiring secure Wi-Fi networks, phishing training, two-factor authentication, VPNs (virtual private networks), or password managers. The survey shows that currently 35% of employees are required to use a secure Wi-Fi network, 32% to take phishing training, 31% to use a VPN, and 31% to use two-factor authentication.

Therein lies the rub. Some companies may not be investing heavily in cybersecurity due to the economic uncertainty caused by the pandemic. Here is another way to put it. ResearchandMarkets says the global cybersecurity market is expected to grow from $149.46 billion in 2019 to $152.21 billion in 2020 at a rate of 1.83%. The slow growth is mainly due to the COVID-19 outbreak. As a result, companies’ budgets for cybersecurity software are expected to decline. The market is then expected to recover and reach $208.28 billion in 2023 at a rate of 11.02%.

So who is responsible? I agree security protocols start at the top, but it is ultimately the employee who needs to follow through here. We are all responsible for good cyber hygiene practices. This is especially critical, as we are living in an era where we are moving our data more often to the cloud and the edge. Trustwave says a whopping 96% of respondents to its survey plan to move sensitive data to the cloud in the next two years, with 52% planning to include highly sensitive data. Interestingly, while most companies are concerned with malware and ransomware, phishing and social engineering top the list of threats actually experienced most.

Now is the time to protect our data. We are racing fast and furious to implement new AI (artificial intelligence) and IoT (Internet of Things) projects, but we need to take the time to consider how we secure all this data; otherwise, we are going to be sitting targets. How will you proceed?

