Building a slide deck, pitch, or presentation? Here are the big takeaways:

  • 12% of employees claim to be fully aware of their organization’s IT security policies and rules. — Kaspersky Lab, 2018
  • 24% of employees said they believe their organization does not have any established security policies. — Kaspersky Lab, 2018

Though cyberthreats grow more sophisticated by the day, the vast majority of employees are not aware of their organization’s information security policies and rules that are in place to keep them safe, according to a new survey from Kaspersky Lab. While 49% of employees surveyed said they consider protection from cyberthreats a shared responsibility in their company, only 12% said they were fully aware of their company’s IT security policies, Kaspersky Lab found.

These results highlight the fact that employees remain a top security risk factor within organizations, as they are responsible for 46% of IT security incidents each year, according to a past Kaspersky Lab survey. However, employees are also the key to strengthening an organization’s security posture, as noted by our sister site ZDNet, and enterprises must have strong awareness campaigns in place to remain cybersecure.

Of the nearly 8,000 full-time employees surveyed, 24% said they believed their organization did not have any established IT security policies.

SEE: Incident response policy (Tech Pro Research)

This lack of awareness is of particular concern for SMBs, who often lack dedicated IT security teams, and share cybersecurity responsibilities among IT and non-IT workers, Kaspersky Lab noted in the report. SMBs tend to be most vulnerable to threats such as ransomware, since they lack the staff and financial resources to secure their IT infrastructure.

Employees most at risk tend to be executives, HR leaders, and finance specialists, who tend to have access to their company’s critical data, according to the report. If the most basic cyber hygiene practices–such as changing passwords or installing updates–are not followed by all employees, it could potentially put the entire organization in danger of a breach.

“The issue of unaware staff can be a major challenge to overcome, especially for smaller businesses where a cybersecurity culture is still being developed,” Vladimir Zapolyansky, head of SMB business at Kaspersky Lab, said in a press release. “Not only can employees themselves fall victim to cyberthreats, but they are also obliged to guard their company from those threats in the first place. In this regard, businesses should be educating staff and introducing easy-to-use–but still powerful–security solutions that make managing protection achievable for those who are not experts in IT security.”

For more tips on how to keep employees cybersecure, click here.