Failing to educate their staff about cyber security puts businesses at greater risk of being hacked, finds an Accenture study.
55% of workers in the UK have not received specific cyber security training yet, despite increased spending by businesses to counter cyber threats.
A number of case studies, surveys and real-life examples have demonstrated that the principal reason behind successful cyber-attacks is either human error or hackers fooling employees into revealing sensitive details or transferring money through phishing tactics.
Given that complete automation of the manufacturing, services or technology sectors may never occur, businesses need to train their workers so that they are able to identify phishing attempts, identify vulnerabilities in their IT systems and minimise errors while dealing with third parties or while handling sensitive data, including data belonging to customers.
Recent metrics indicate that businesses and other organisations around the world are now waking up to the challenges posed by malicious actors in the cyber world. According to Cybersecurity 500, a group of leading cyber-security firms from across the world, worldwide spending on cybersecurity products and services may eclipse $1 trillion between 2017 and 2022.
Despite these gains, the status of cyber security training for workers in the UK remains bleak. A survey of 2,000 workers by Accenture has revealed that over half of them (55%) do not remember receiving specific cybersecurity training from their employers.
Due to the lack of cyber security training of employees, businesses across the UK are paying dearly, with Accenture claiming that the cost of cyber crime in the UK has risen by 19% in the last year alone, and that the total cost of cyber crime now stands at £6.4 million.
“Large businesses in the UK can expect to face more than eighty cyber-attacks each year, with one in three breaching security. It’s therefore no surprise that companies are investing more than ever in security solutions,” said Rick Hemsley, Managing Director, Accenture Security.
“However, this research shows that no matter how much they spend, businesses that fail to educate staff about cybersecurity put themselves at greater risk of being hacked,” he added.
Hemsley added that effective investment will ensure that employees will be able to recognise threats, including phishing scams, through prevention training and awareness programs.
Kirill Kasavchenko, principal security technologist, EMEA at Arbor Networks, says that every employee should not only be provided training on password hygiene, but also specific cyber security training that will help them understand how different attacks work and how to recognise social engineering tactics.
Kasavchenko adds that while prevention is the best practice, businesses should also train employees on how to minimise the damage once a breach occurs. “Regular employee training on IT security will become even more of a necessity once GDPR and the new UK data protection bill come into effect. Businesses need to look at why their staff do not feel adequately trained and put a training plan in place,” he adds.