A new study shows that nearly half (49%) of employees surveyed consider protection from cyberthreats a shared responsibility, but only one tenth (12%) of employed respondents claim to be fully aware of their organizations IT security policies and rules.

A Kaspersky Lab survey of 7,993 full-time employees asked respondents about policies and responsibilities for corporate IT security. The results showed that a lack of IT security awareness remains a worrying reality for businesses around the world, considering that 24 percent of employees believe there are no established policies in their organizations at all.

This discrepancy could be particularly dangerous for small and medium sized businesses (SMBs), where there is no dedicated IT security function and responsibilities are distributed among IT and non-IT employees, the study says. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company’s critical data are usually most at risk of being targeted by cybercriminals. Therefore, neglecting even basic security requirements, such as changing passwords or installing necessary updates, could jeopardize the overall protection of the organization.

“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed,” said Vladimir Zapolyansky, head of SMB business at Kaspersky Lab. “Not only can employees themselves fall victim to cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should be educating staff and introducing easy-to-use – but still powerful – security solutions that make managing protection achievable for those who are not experts in IT security.”