Cybersecurity information sharing is a crucial element of a strong security culture, and organizations should actively facilitate and encourage it to reduce human risk, a new report from KnowBe4 argues.
Called “Cybersecurity Information Sharing as an Element of Sustainable Security Cultured,” the report was authored by Dr Martin Kraemer, Security Awareness Advocate at KnowBe4, and Dr William Seymour, a Lecturer in Cybersecurity at King’s College London. It examines how people consume and share cybersecurity information to understand the role that workplace training plays in fostering information sharing among colleagues.
Why Information Sharing Matters
While arguments advocating for cybersecurity awareness training are nothing new, the KnowBe4 report argues that awareness alone isn’t enough they quote the adage, “just because I’m aware does not mean I care.”
KnowBe4 believe that to truly reduce human risk, employees must actively engage with cybersecurity knowledge, share it with their networks, and incorporate best practices into their daily routines.
According to report, proactive behaviors – like employees discussing threats, reporting suspicious activities, and helping their peers understand cybersecurity risks – are crucial to a strong security culture. These can not only improve organizational security but even extend into employees’ personal lives.
“Successful security awareness programs recognise that engaged employees are more likely to share important insights with their colleagues, strengthening the workplace security culture,” said Kraemer.
What Do People Share? And Why?
The report, which presents findings from respondents across the US, UK, Germany, and France, reveals than an overwhelming majority (95%) of people have read or watched security content at least once, and 77% had received cybersecurity information from others.
In terms of the type of content people share, data breaches (22%), phishing (17%), and hacking incidents (15%) – notably the topics that most often make major news headlines – came out on top.
But why do people share cybersecurity information? According to the KnowBe4 report, it’s most often to protect themselves and others. Employees who had received cybersecurity news from colleagues and friends generally assumed the sender was trying to help them stay safe online.
The Role of Workplace Training
The report highlights a wide variation in cybersecurity awareness training adoption worldwide. Although 57% of those surveyed reported receiving such training, national rates ranged from a high of 73% in the UK to a low of 38% in France, with the US and Germany falling in between at 60% and 55%, respectively.
Similarly, there are massive disparities in the type of content employees tend to remember. Training recipients were more likely to recall phishing threats (+10.3%) but less likely to remember data breaches (-10.1%). This suggests there may be gaps or blind spots in training provision.
What’s more, the KnowBe4 report also suggests that workplace training alone doesn’t motivate employees to share cybersecurity information. Respondents were also relatively less likely to share phishing information (-5.7%) and more likely to share ransomware news (6.7%) or generic information on a data breach (4.9%).
Bridging the Gap: Encouraging Cybersecurity Discussions
So, how does KnowBe4 recommend overcoming these challenges? Kraemer argues that, ultimately, “the more you care, the more you (want to) share. When employees are properly engaged with cyber risks, the more likely they are to openly communicate with others about this topic and create a stronger security culture in the workplace.”
More practically, KnowBe4 suggests removing barriers to cybersecurity information sharing. Training content should be designed to be engaging, easy to share, and applicable both at work and at home. Encouraging employees to discuss cybersecurity with family and friends can create a ripple effect, spreading awareness beyond the office.
KnowBe4 also advocates for recognizing cultural and individual differences when designing and delivering security programs. Preferences for consuming and sharing cybersecurity content varies by age: younger employees prefer social media, while older employees prefer broadcast and podcast news sources. Understanding these differences can help organizations tailor their cybersecurity messaging for maximum impact.
The key takeaway here is that the more employees read, learn, and share cybersecurity knowledge, the stronger the defense against cyberattacks. Organizations must embrace this reality and build security programs that not only educate but also inspire a proactive approach to cybersecurity.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.