AXELOS – a UK Government/Capita joint venture – today revealed research into UK organisations’ approach to information security awareness, which shows that most UK organisations are underestimating the risks.
The research revealed that only 42 per cent of executives in UK organisations with 500 employees felt that their cyber security training was “very effective” in raising awareness of security risks. Unfortunately, of that 42 per cent, only 28 per cent felt that their training was “very effective” at changing users’ behaviour towards security risks.
This is worrying news, as the Government’s own research has shown that 75 per cent of UK organisations suffered a staff-related security breach in 2015.
With regard to compliance and regulatory requirements, 37 per cent of respondents claimed their training programmes to be “very effective”. Again, only 33 per cent went on to claim that training had been very effective in reducing the business’s exposure to security threats. Similarly, only 32 per cent claimed that they were “very confident” that the training was relevant to staff. This is in contrast to the 99 per cent of respondents who cited security awareness training as being important in minimising the risk of security breaches.
Nick Wilding, head of cyber resilience best practice at AXELOS, said: “Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no ‘silver bullet’ to help them achieve their desired level of cyber security.
“And they often underestimate the role that their own employees – from the boardroom to the frontline – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities.”