An average of 41% of UK employees across all sectors have not received adequate cybersecurity training, which is leaving businesses and individuals vulnerable to attacks, according to a new study by Specops Software. Travel and hospitality was the sector with the worst record, with 84% of staff stating they have not received sufficient training. The findings come just weeks after easyJet suffered a data breach in which details of nine million of its customers were accessed.
The survey of 1342 businesses across 11 different sectors in the UK also discovered that 69% of workers in education and training have not received adequate cybersecurity training from their employers, with the figure at 56% for those in customer service, 47% in marketing, advertising and PR, 42% in medical and health, and 37% in the creative arts and design sector.
The industries which had the highest levels of adequate cybersecurity training according to the study were legal services (16%), recruitment and HR (19%) and accountancy, banking and finance (23%).
The results are especially concerning considering the recent spike in attacks in areas such as education and, during COVID-19, healthcare. Earlier this year, the UK Information Commissioner’s Office (ICO) revealed that human error was the cause of 90% of cyber data breaches in 2019.
There does appear to have been a bigger emphasis on cybersecurity training as a result of COVID-19, with 21% of respondents stating they had been trained a lot more since the crisis began. However, the analysis also found just 29% of business sectors have initiated additional cybersecurity training since the pandemic, despite the additional risks posed by the recent surge in remote working.
Darren James, cybersecurity expert at Specops Software, commented: “The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cybersecurity training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring via training at work, the less likely people in general will fall victim to these crimes.”
News Source: https://www.infosecurity-magazine.com/