Lack of employee cyber awareness putting businesses at risk
Employees’ lack of awareness when it comes to cyber security is putting UK businesses at risk, according to a new report.
According to AXELOS – a joint venture between the government and Capita – firms are putting their reputations, customer trust and competitive advantage on the line by failing to properly equip their staff to recognise and respond to potential threats.
Government research found that 75 per cent of large organisations suffered staff-related security breaches in 2015, with half of the worst breaches caused by human error.
But while 42 per cent of executives in charge of security training say it is “very effective” at providing general awareness of risks, just 28 per cent say their efforts are very effective at changing behaviour in relation to information security.
37 per cent say the same of ensuring compliance with regulatory requirements, while only 33 per cent say it is very effective at reducing exposure to the risk of breaches.
And just 32 per cent are “very confident” that the training is relevant to staff, despite 99 per cent of respondents believing awareness is important to minimising the risk of breaches.
When asked how many staff had completed their security awareness programme, respondents in a quarter of organisations said that no more than 50 per cent of staff had done so.
Nick Wilding, head of cyber resilience best practice at AXELOS, said: “Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no ‘silver bullet’ to help them achieve their desired level of cyber security.
“And they often underestimate the role that their own employees – from the boardroom to the frontline – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities.”