UK organisations still falling short in improving staff cyber security awareness

According to the 2017 Databarracks Data Health Check, only 53% of organisations have sufficient cyber security skills to tackle the current threat landscape. This figure remains unchanged from 2016, despite increased investment in staff cyber security awareness.

Key findings:

  • Human error (29%) and hardware failure (25%) were the top causes of data loss.
  • 31% of organisations have been affected by some form of cyber threat in the past 12 months, and 11% were repeatedly affected.
  • In response to recent cyber threats, 36% have reviewed their security policies and made changes, and 25% have reviewed existing policies but haven’t amended them.
  • Viruses (44%), malware (31%), ransomware (29%) and phishing (26%) are the top cyber threats.
  • Only 13% of organisations have put additional measures in place ahead of the General Data Protection Regulation (GDPR), with a further 30% saying they’re planning to in the next 12 months.

Peter Groucutt, managing director at Databarracks, said:

Unfortunately, we are in the midst of an arms race against cyber criminals. Threats are becoming more frequent and more sophisticated. Organisations are desperately trying to address this by improving preventative measures and investing in education for staff, but as the evidence from the research shows, this is in fact doing little to improve confidence. While undoubtedly this is a major concern for organisations, it’s important to recognise that the simple steps we take to better equip staff to address threats do have a real effect.

Investing in staff education is important, but it must leave staff confident enough to recognise a threat and respond to it appropriately.

Groucutt continued:

Phishing and whaling attacks, for example, remain one of the biggest threats to a business. Fundamentally these types of attacks are focused on people not technology, which is why it’s imperative that cyber awareness training is continually invested in. Over the past year we have seen businesses investing in cyber awareness training increase from 26% to 34% and next year we want to see this grow further.

With data breaches, ransomware and phishing attacks increasing in both volume and sophistication, it is essential that staff receive the right training so that they understand how their own actions could unintentionally expose their employer to risk. Even basic training has the potential to prevent security incidents.

Reduce your security risk exposure and roll out a comprehensive staff awareness training programme

A staff awareness training programme is usually delivered online through e-learning courses, often supported by offline materials such as posters, games and books.

E-learning courses are made more engaging by including interactive activities such as quizzes, videos and simulations that stimulate learners' curiosity and deliver the key messages in an informal way.

IT Governance has developed a broad portfolio of e-learning courses to address topics such as information security, phishing and ransomware, and to help employees understand ISO 27001, GDPR and Payment Card Industry Data Security Standard (PCI DSS) compliance requirements.
