Half of entry level employees don’t know if their companies have cybersecurity policy: Clutch

As many as 46 percent of entry-level employees don’t know if their company has a cybersecurity policy in place, said a report. According to a survey from Washington based B2B research firm Clutch, more than half of the employees surveyed (52 percent) say their company currently has a cybersecurity policy. Yet, the survey also indicates that employees at all levels of an organization are probably unaware of the IT security threats their companies potentially face.

Nearly two-thirds of employees (63 percent) surveyed said they don’t know if the quantity of IT security threats their companies face will increase or decrease over the next year. Additionally, among entry level employees, 87 percent said they don’t know if the number of threats will shift in the next year.

No cybersecurity policy means companies at risk

IT security experts are quick to point out that employees’ lack of awareness puts companies at risk for IT security breaches. “Attacks will be more frequent, more voracious and more sophisticated in breaking through any protection you can put in place,” said Steve Scott-Douglas, CIO of Ciklum, a global software engineering and solutions company.

Advertisement

‹

EVENT

Saksham Bharat 2026

A multi-stakeholder dialogue on skilling gap in Cybersecurity, Data Resilience and AI — and the roadmap to a Saksham Bharat.

📅 Tue, 26 May 2026

📍 Mumbai, Bengaluru, Delhi

Register Now →

EVENT

VeeamON 2026 Tour India - Mumbai

A VeeamON 2026 India Leadership Series Mumbai for senior public sector and government technology leaders.

📅 Tue, 26 May 2026

📍 Grand Hyatt, BKC

Register Now →

EVENT

Cyber Surakshit Uttar Pradesh

Find out strategies, frameworks and solutions for building a resilient and secure digital ecosystem across Uttar Pradesh.

📅 Thu, 28 May 2026

📍 Lucknow

Register Now →

EVENT

VeeamON 2026 Tour India - Bengaluru

A VeeamON 2026 India Leadership Series Bengaluru for senior public sector and government technology leaders.

📅 Wed, 03 Jun 2026

📍 JW Marriott Hotel

Register Now →

EVENT

VeeamON 2026 Tour India - Delhi

A VeeamON 2026 India Leadership Series Delhi for senior public sector and government technology leaders.

📅 Fri, 19 Jun 2026

📍 Shangri-La Eros

Register Now →

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

The survey also found that employees are less likely to recognize IT services as the primary area of security vulnerability at their company. Instead, they cited theft of company property as the primary threat to company security, ahead of unauthorized information and email phishing scams.

To increase awareness of IT security issues among employees, experts recommend that all companies maintain a ‘top-down’ cybersecurity policy. Employee awareness of IT security issues should be driven by a company’s executive leadership. When company leaders emphasize and communicate IT security throughout their organization, their employees are more aware and prepared for threats.

“The sheer act of taking the time to put a policy in place is the first step in going from the unconscious incompetence debate around [security] to then build up your competence and become aware of the threats and take those threats very seriously,” said Scott-Douglas.

According to report, employees of companies with a cybersecurity policy are more likely to: feel prepared for a cybersecurity threat; understand IT services as the primary security vulnerability for their company.

The survey points out that one way companies can drive awareness is through security training during new employee onboarding. Companies tend to offer IT security onboarding programs to higher-level employees only, which may account for the greater awareness and feeling of preparedness this group has regarding IT security threats.

Providing IT security onboarding for all employees can narrow the IT security knowledge gap between entry-level and higher-level employees and help ensure organizations as a whole are more aware and prepared for security issues.