"Fifth of Government Workers Don't Care if Employer is Hacked"

Security researchers at Ivanti have discovered that a culture of unaccountability, poor cyber hygiene, and limited staff training are creating a perfect storm of cyber risk for governments worldwide, with many workers unbothered about the prospect of a serious data breach.  The researchers polled 800 public sector workers worldwide.  The researchers found that a "not my job" attitude is exposing governments to excessive cyber risk.  Just a third (34%) of workers recognized that their actions impact their organization's security posture.  Nearly two-fifths (36%) said they haven't reported phishing emails in the past, while a fifth (21%) said they don't even care if the organization is hacked.  The researchers also found poor security practice was widespread: 40% used the same password for over a year, a third (34%) have used the same password across multiple devices, and 12% admitted accessing sensitive information they didn't require for work.  The researchers noted that younger (Gen Z and Millennial) respondents were more likely to have poor password hygiene.  This is increasingly important given that an estimated 70% of government employees are working at least some of the time remotely, where cyber risk is arguably heightened.  Governments are also failing the security test.  On average, only 39% of respondents said their employer provides mandatory training, while nearly a third (29%) don't require partners or vendors to complete such training.  Additionally, 17% of workers said they don't feel comfortable reporting a mistake they've made to the security team.  The researchers noted that this is already having an impact, as 5% of respondents said they had fallen victim to a phishing attempt, either by clicking a link or sending money.

Infosecurity reports: "Fifth of Government Workers Don't Care if Employer is Hacked"