UK government venture bemoans inadequate workplace security education

British businesses are being put at risk by failing to properly educate their workers about effective security provisions, a government study has claimed.

Just over a quarter of employees at 500 leading UK firms rate their security training as having been effective enough to change their behaviour towards dealing with online threats, according to a new survey undertaken by Axelos, a UK government/Capita joint venture.

Similarly, only 42 percent said that their training was “very effective” at providing general awareness of information security risks, meaning many companies are putting themselves at risk.

And when it came to ensuring compliance with regulatory requirements, 37 percent of workers rated their training as “very effective”, although only a third (33 percent) said it was “very effective” in reducing exposure to the risk of information security breaches.

Worryingly, Axelos’ survey revealed that, when asked how many staff had completed their information security awareness programme, respondents in a quarter of organisations said that no more than 50 percent of staff had done so.

The findings are particularly concerning as recent government research also found that 75 percent of large organisations had suffered staff-related security breaches in 2015, with half of the worst-rated breaches caused by human error.

Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no ‘silver bullet’ to help them achieve their desired level of cyber security,” said Nick Wilding, head of cyber resilience best practice at Axelos.

And they often underestimate that the role that their own employees – from the boardroom to the front-line – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities.

Cyber-attacks are now business as usual and the resulting financial and reputational damage can be significant. As a result, organisations need to be more certain that they are engaging their people effectively to better equip them to manage the cyber and information security risks they now all face.”

Antony Savvas

York, UK-based Antony Savvas has been a technology journalist for 25 years and has expertise in all major areas of enterprise and consumer IT. He has worked for a number of leading technology magazines and websites and his work is syndicated across the internet. He also undertakes corporate work for some of the world's leading technology companies.

Share
Published by
Antony Savvas

Recent Posts

Flashpoint enters new chapter with global partner programme

Security vendor Flashpoint debuts partner programme following $28m funding

7 years ago

Channel partner “disconnect” hindering growth

Complex buying journeys and sprawling partner networks hampering customer experience, says Accenture

7 years ago

Cyxtera launches global channel partner programme

Datacentre provider Cyxtera says launch is “milestone in our go-to-market strategy”

7 years ago

US IT provider brings mainframe services to UK

Ensono highlights importance of mainframes still to major industries

7 years ago

VASCO and Nuvias expand distribution across EMEA

Security vendor VASCO looks to replicate UK and German set up across EMEA

7 years ago

Splunk says channel investments driving growth

Splunk details investment in Partner+ programme at .conf2017

7 years ago