Most Employees Want Stronger Enforcement of Cybersecurity Protocols in the Workplace, Survey Finds


Two-thirds of respondents found National Institute of Standards and Technology guidelines to be “extremely” or “very” valuable.

As the Biden administration works to strengthen public and private sector partnerships within data protection, a survey found that most employees working within cybersecurity infrastructure want greater action at the federal level to protect U.S. data and systems. 

Conducted by software company Tripwire and Dimensional Research, the survey polled 306 information technology employees at both private companies and public agencies. About a third of respondents work within the federal government specifically, while others reported working in manufacturing sectors, along with energy and technology industries. 

Most of the questions asked revolved around standards recommended by the National Institute of Standards and Technology and whether these are being implemented across a myriad number of workplaces and industries. 

A total of 66% of all respondents found the NIST guidelines surrounding online security to be either “extremely” or “very” valuable, regardless of how a company or organization implements them. 

Despite the broad positive perception of NIST standards, just half of private sector and non-governmental organizations reported adopting the agency’s cybersecurity guidelines in full.  Meanwhile, 82% of respondents said that the federal government should take stronger action to ensure private companies implement these guidelines, either by strengthening the recommendations or enforcing the standards outside of federal agencies.

“It’s clear that organizations—both public and private sector—are seeking further guidance from the federal government,” Tim Erlin, vice president of strategy at Tripwire, said in a statement. “Generally, long term enforcement and implementation of cybersecurity policy will take time, but it’s important that agencies lay out a plan and measure execution against that plan to protect our critical infrastructure and beyond.”

The pro-federal enforcement philosophy was split along public versus private sector employees. When asked about the enforcement of NIST standards by the federal government, 43% of federal security employees said that government systems do a better job handling security issues, while 46% of non-federal entities said government agencies usually do a worse job managing data and network security. 

For employees in government and non-governmental roles, the key component to maintaining strong cybersecurity practices and protocols varied. Both federal and non-federal employees felt that their organization was lagging in adopting NIST guidance due to a lack of internal resources and expertise. More non-federal employees also added that low levels of cybersecurity implementation was due to a perceived lack of risk in their industry.

For both sectors, ransomware was the largest concern in terms of cyber threats and hacking, with 53% of all respondents listing it as their primary concern. Other vulnerabilities came in as the second most paramount concern.