Europe remains vulnerable to cyberattacks despite stringent legislation and regulations

Image: – © AFP

How do cybersecurity measures affect organisations and what is the way by which people act and feel at work? In answering this, the training firm KnowBe4 has released its 2024 Security Culture Report, which examines how security measures affect organisations and the way people act and feel at work. 

Segmented into global and regional versions by North America, South America, Europe, Africa, Asia, and Oceania, the report takes into account regional nuances, behaviours and attitudes towards cybersecurity in the workplace. 

The report shows that, in general, organisations across Europe understand that people must be part of its defence to increase the level of resilience as social engineering remains one of the top threats.

The survey also reveals that organisations no longer view security awareness as a checkbox exercise for satisfying compliance requirements. Instead, firms are increasingly seeing cybersecurity as something that possesses a strategic initiative to foster a strong security culture.

A factor working against this realisation is the way cybersecurity is too often considered the responsibility of a single team or unit, instead of being a collaborative effort. This lack of cohesiveness often makes it difficult for firms to gain traction. 

The report finds that although the European Union is at the forefront of shaping global cybersecurity standards through vigorous legislation and regulations, there remains a need for faster adoption and implementation to make it effective for organisations. 

This is so with topics as varied as cybersecurity maturity levels across Europe and what that means for organisations, the lack of communication in organisations and how that aids cyberattacks, legislation and its implementation.

Other areas that require attention include the predicted increase in quality and quantity of cyberattacks and how to potentially combat these, the big issue of language localisation of specific compliance and legal requirements across the continent, and the influence of AI on the increase of disinformation and misinformation, and more sophisticated and effective cyberattacks.

Here too many organisations lag behind in establishing a proactive security culture (everything a firm needs to do before an attack takes place).

The report concludes that social engineering remains one of the top three threats in Europe. To guard against this, cybersecurity education and training in organisations is a necessity to stay ahead of the ever-evolving strategies and tactics of cybercriminals.