A third of UK businesses fail to deliver essential cyber security training
Almost a third of UK businesses offer no cyber security training to reduce the likelihood and severity of data breaches while working from home, a new study reveals.
The Cyber Security Insights Report from managed cloud services and security provider iomart asked workers about their businesses’ cyber security provisions, including the level of training offered, the extent of data backup policies in place, and their awareness of how to identify a cyber attack.
The study found that 28% of workers admit that their business offers no cyber security training at all. And although 42% of employees report training being offered, it was only provided to select employees rather than to the entire staff.
And of those who did offer training, a huge proportion (82%) admitted it consisted of a short briefing rather than a comprehensive course, while only 17% of workers had regular sessions relating to cyber security
This means that out of all employees surveyed, just 8% – less than one in ten – received regular cyber security training.
When asked why they believed their organisation did not offer cyber security awareness training across the board, respondents cited a lack of budget, a lack of prioritisation when it came to preventing cyber attacks, and a lack of technical expertise to implement it.
This is concerning, as almost a fifth (20%) of those surveyed reported seeing an increase in cyber attacks as a result of working remotely, while a quarter of workers admitted their business did not have a disaster recovery policy in place.
Without a backup policy or training, a cyberattack could prove devastating to UK businesses, with the reported average of a data breach currently stands at a staggering £2.93 million and spanned an average of 280 days.
Interestingly, healthcare was found to experience the biggest financial impact of a breach with average losses of £5.4 million per incident.
Bill Strain, security director for iomart, warns that businesses need to minimise risk by establishing an integrated data security plan saying: “It’s clear that many organisations still don’t consider cyber security and data protection to be a top priority.
“They need to understand what the potential threats are and build resilience into their business strategy so they can react quickly and maintain operations if their IT systems are compromised.
“Many businesses would not survive the operational – let alone financial – impact of a data breach. By understanding the potential risk and introducing positive behaviour around cyber awareness, they have a much better chance of surviving an incident.”
The survey has clear implications for employers, with many workers still set to continue working remotely, and should continue to prioritise delivering cyber security training to all employees.
This includes those who hold management positions, with more than a quarter (29%) admitting they were unsure whether the business had recovery policies in place.