Study finds ‘not my job’ attitude is contributing to cyber-risk in governments

A culture of unaccountability and poor cyber literacy is contributing to the risk of cyberattacks for governments worldwide, according to a new study by Ivanti.

The security vendor, which surveyed  800 public sector workers worldwide as part of its Government Cybersecurity Status Report, found that a “not my job” attitude is making governments more vulnerable to cybersecurity threats. 

The survey found that 34% of government employees around the world think their actions do not matter when it comes to security. In the UK, 27% of government employees said their actions do not impact their organisation’s ability to stay safe from cyberattacks; in Germany, this rises to 53%

Findings also revealed that 21% of employees are not concerned at the prospect of their organisation getting hacked; a further 36% admitted that they did not report a phishing email they received at work 

Poor cyber hygiene

Ivanti's survey found a low level of cyber hygiene amongst government employees when it comes to password security and mismanagement. Almost half (40%) of respondents use the same password for over a year, and a third (34%) have used the same password across multiple devices. 

The majority of governments are failing to equip staff with the right skills and training on this. On average, only 39% of respondents said their employer provides mandatory cybersecurity training; and 29% said they were not required to complete any training.

Governments could be doing more to keep their organisations cybersafe, with just 27% of government workers “very prepared” to recognise and report threats like malware at work, according to Ivanti. 

This is increasingly important given that an estimated 70% of government employees are working at least some of the time remotely - leaving organisations more exposed to cyber-risk.

A lack of awareness and confidence around identifying potential threats is already having an impact, with 5% of respondents having fallen victim to a phishing attempt. 

“We are in a state of urgency when it comes to securing critical infrastructure, along with public sector employees and the extremely sensitive data they have access to,” said Srinivas Mukkamala, Chief Product Officer at Ivanti.

“Government leaders around the world have recognised this urgency and are taking steps to combat ransomware, misinformation, and to protect their critical assets and infrastructure. If we don't focus on cybersecurity as a team effort and provide proactive security measures that enable a better employee experience, security teams and governments will continue to face an uphill battle.”