The study which is based on the feedback from 2,650 European employees found that more than half of employees (55%) don’t regularly think about cyber security at work. This is a stark difference to counterparts in the Americas and Asia, both of whom think about cyber security on a regular basis.

According to the study, one of the core reasons for so many European workers avoiding their responsibilities to protect personal data comes from assuming it is up to management and IT teams alone.

>See also: Enterprise-wide changes coming to address cyber risk

Interestingly, privacy legislation does not seem to be a very strong deterrent. According to the research, European employees were more aware of the dangers of a security breach. When asked, 42% understood that data loss brought legal ramifications, higher than both the Americas (36%) and Asia (27%).

The study shows despite this, a quarter (26%) still don’t believe cybersecurity is important to them. Combined with the fact that the use of security software is lower in Europe (48%) than in other regions, these are clear signs that the workforce is not acknowledging security warnings.

>See also: Employee attitude is as important as technology when securing data

According to Morten Illum, VP EMEA at Aruba, this attitude could be due to ‘security fatigue’ brought on by over-exposure to security rules with little technical assistance.

He said: “Employees in Europe have been inundated with security messaging through their organisations, as well as the media.”

“Clearly giving further warnings and adding procedures isn’t having the desired effect.”

“If employees understand the risks, but aren’t acting on it, the answer is not to provide yet more training, but to bring in enhanced technology that can provide the assistance and the protection workers need to do their jobs.”

>See also: 5 cyber security best practices for 2018