In the Middle East, Turkey and Africa (META) region, 18% of employed respondents are fully aware of the IT security policies and rules set by the organisations they work for. This is according to a recent study conducted by Kaspersky Lab and B2B International which also found that 40% of employees consider protection from cyber threats a shared responsibility.

According to Kaspersky Lab the study of 7,993 full-time also revealed that 28% of employees believe there are no established policies in their organisations at all.

"Interestingly, it seems that ignorance of the rules is no excuse, as around half (49%) of the respondents think all employees, including themselves, should take responsibility for protecting corporate IT assets from cyber threats," the company explained.

However, the human factor cannot be ignored. The company cited a report Human Factor in IT Security: How Employees are Making Businesses Vulnerable from Within which stated that careless personnel contributed to the attack of 55% of cyber security incidents within the last year.

"This discrepancy could be particularly dangerous for smaller businesses, where there is no dedicated IT security function and responsibilities are distributed among IT and non-IT personnel. Neglecting even basic requirements, such as changing passwords or installing necessary updates, could jeopardise overall business protection. According to Kaspersky Lab experts, top management, HR and finance specialists who have access to their company's critical data are usually most at risk of being targeted," read a statement by Kaspersky Lab.

Vikas Kapoor, Practice Head – Cybersecurity & GRC at In2IT Technologies, said that the scale of today's connected, digital world has broadened the scope for cybercrime and new security risk.

Skills shortage

Kapoor describes the situation as "dire" and exacerbated by a vast shortage of cyber security skills.

"This skills shortage is not confined to South African borders, and countries across the globe face similar challenges. The highly publicised global security breaches of this past year point to an increase in the prevalence of the likes of ransomware, a malware that keeps evolving to find new ways to penetrate and attack networks. As fast as cybersecurity measures improve to bridge current security gaps, so does cyber threats, resulting in a continuous shortfall of suitably skilled people capable of properly protecting networks from intrusion," said Kapoor.

"Beyond the vast size of growing security concerns, another contributor to the dire shortage of skills in this critical sector is time. Becoming a knowledgeable expert in cybersecurity takes a considerable investment of time spent learning various technologies and systems, and understanding how they integrate. It takes time to build a pool of skilled resources, including time spent in the classroom, to time spent garnering experience protecting live networks. Unfortunately, the cybersecurity space is already on the back foot and time is of the essence," he added.

Referencing South Africa's situation, Kapoor said the country had been listed as the 31st most cyber attacked country in the world out of 117 countries. "Cybersecurity professionals are constantly having to play catch up, and the development of cybersecurity skills is simply not keeping pace with digital and technological expansion - a lack which cyber criminals are capitalising on."

According to Canon's Office Insights 2017 report, uncertainty around security (including that related to cloud integration) is impacting negatively on the rate of digitisation across South African businesses.

The company's research found that more than half of end-users (52%) are not fully aware of their company's corporate security policies.

"As a result, 80% of senior managers in South Africa say they are likely to upgrade their document security in the next 1-2 years, and 55% of respondents have already sought guidance from information security experts, or specialist colleagues, to inform their security decision making," stated Canon.

The report found that a quarter of respondents mention concerns around security with regards to the rollout of cloud services. 48% of South African respondents worry about losing data in the cloud and only 24% entirely agree that cloud based applications will become the norm.