Most employees are not being trained in the latest and greatest cybersecurity practices. And those that do receive training often find the quality of teaching underwhelming.
This is according to a new report from cloud services and security provider iomart, based on a poll of 1,167 UK-based employees and senior managers, which states that more than a quarter (28 percent) of UK businesses offer no cybersecurity training whatsoever. Companies that do run training programs (42 percent), meanwhile, offer them to select employees rather than to the entire staff.
Employees that do end up receiving cybersecurity training usually end up feeling disappointed with the quality of the sessions. The majority (82 percent) described the training as a “short briefing” rather than a comprehensive course, with just a fraction (17 percent) taking regular cybersecurity sessions.
Employees are usually considered the first line of defence against cyberthreats, because they are the ones most frequently targeted by cybercriminals. Stressed, overworked and distracted employees are prone to clicking on malicious links and accidentally installing malware, threatening the entire network.
The importance of employee training is clear, but businesses are held back by budget constraints and knowledge gaps, iomart reports.
When asked why businesses don’t implement better training, most respondents cited a lack of budget, a lack of prioritization when it came to preventing cyberattacks, and a lack of technical expertise to implement it.