
Almost half of companies do not have a proper security policy in place


Cybercrime is on the rise, yet almost half of all organizations don’t have a cybersecurity policy, leaving employees without guidelines on how to defend against attack.

According to a new report from the British Assessment Bureau, called “The Invisible Digital Threat: Why hackers aren’t the greatest threat to your cybersecurity”, 46 percent of firms don’t have a cybersecurity policy.

A cybersecurity policy standardizes employee behavior in areas like data encryption, file sharing, communications and social media. It also educates employees on their responsibilities when it comes to protecting both company systems and data.

But education, too, is an issue. While four in five seniors (directors, trustees and other senior management) received cybersecurity training in 2019, the same could be said for only 29 percent of the overall workforce.

As a result, almost all personal data breaches (88 percent) occur due to insider error, and phishing (a cybercrime tactic in which criminals “fish” for sensitive data with fraud tactics) is now the greatest source of cyberattacks.

Consequently, the number of reported breaches is on the rise, and it’s mostly the older generation (40-59 year-olds) that falls victim.

“A study by Verizon found that 4 percent of phishing campaigns are successful, which is a terrifying statistic when you consider the scale at which these attacks must happen. A 4 percent success rate is especially eye-watering when you consider the average conversion rate of an e-commerce website in the UK is 1.8 percent,” said Mark Nutburn, Group IT Director at British Assessment Bureau.

“While cybersecurity is everyone’s problem, it is especially telling that this data shows the last twelve months have most adversely affected 40–59-year-olds – the generation with the least exposure to technology growing up while still being of the working-age required to use it.”

“Cybersecurity and information technology training cannot fall by the wayside under the assumption that 'people should know what they’re doing by now'. It’s critically important that employers maintain a robust cybersecurity training scheme within their businesses – the cost of not doing so could be astronomical.”