Capterra launched its latest research of 1,264 employees in India to understand the strategies employed by organisations to engage their workforce in cybersecurity. The survey further delves into the impact of phishing attacks, their consequences, and the effectiveness of security awareness training.
Over Three-Quarters of Indian Businesses have fallen prey to phishing attacks in the past year
The study reveals that among surveyed individuals, 79% reported receiving a phishing email within the past year, and a concerning 76% admitted to clicking on a link within these deceptive messages.
Phishing attacks can lead to compromised employee accounts, with 43% of respondents experiencing an account takeover in the past 12 months. The survey unveils that a significant portion of employees (21%) have access to all company data, while 38% have access to more than necessary for their job roles. Despite the prevalent risks, the research highlights that most (67%) respondents acknowledge their employers conducting phishing tests. These simulated exercises involve sending safe emails resembling phishing attempts to gauge employees' susceptibility.
Desire for More Training Contrasts Current Practices
Contrary to the need for more training, the study finds that 97% of employees already receive cybersecurity or data protection training. The most common topics covered include data privacy (76%), general cybersecurity (71%), and social engineering (48%).
Moreover, 60% of respondents undergo security awareness training refreshers every six months, while 27% of participants engage in training sessions annually. An impressive 88% of respondents claim to have a good or very good awareness of cybersecurity risks and best practices within their respective companies.
At the same time, 84% of respondents confirmed the existence of established protocols for reporting cyber attacks within their respective companies. Furthermore, a robust 81% indicated the presence of a formal incident response plan. Notably, 77% of those responsible for, involved in, or fully aware of their company's cybersecurity measures affirmed the implementation of at least one of these critical policies.
Commenting on the survey, Sukanya Awasthi, analyst of the study, said: “In our recent research, we found that employees in India demonstrate commendable proficiency in cybersecurity, actively engaging in initiatives and expressing confidence in their company's security approach. Despite this positive trend, the prevalence of cyberattacks remains high, highlighting the need for a collective effort to adopt essential practices such as enforcing good password hygiene and restricting data access. Interestingly, employees themselves express a desire for more comprehensive cybersecurity training.
To address these challenges, we advocate for a proactive approach. Companies should prioritise ongoing cybersecurity training, utilising diverse methods to fortify their defences. This commitment ensures that organisations are well-prepared to protect their personnel and data against the ever-evolving landscape of cyber threats.”