Thirty-nine percent of UK businesses identified a cyber attack in the last year. And yet, only 17 percent provide cybersecurity training.
Why?
Well, there are several reasons—all of which speak to the culture of organisations.
1. Staff are resistant to change
‘Staff were often resistant to change if they felt it made it more difficult to do the core activities of their role.’ - Cyber Security Breaches Survey 2022, GOV.UK
Research shows that most employees who violate cybersecurity policies aren’t malicious. They bypass policies on days they are most stressed, believing they can better accomplish their jobs by doing so.
This indicates there’s a middle ground between ignorance and malice. As such, you must provide cybersecurity training so staff understand the importance of adhering to policies at all times, and what could happen if they don’t.
Of course, your employees could be resistant to training. Talk to them and find out why. If it’s because they find it disruptive to their core tasks, you can easily overcome this. They might be more amenable to the idea of short modules over an extended period, for instance, rather than blocking off a day or days at a time.
And, if you still struggle with staff uptake, you can make the training compulsory.
2. Organisations believe they have a good security culture
Despite the increasing sophistication of cyber attacks, many organisations believe they are vigilant enough.
A cultural shift is necessary to combat this dangerous stance. Cybersecurity changes are more successful when they’re part of a wider programme to increase business resilience or efficiency.
So, highlight the importance of cybersecurity training in relation to your business goals. Help your employees understand how it can improve productivity. Communicate how it can help your organisation to bounce back from incidents with minimal disruption.
3. Lack of dialogue between IT and business
Your IT team might have the knowledge to train the rest of your staff on cybersecurity measures. But they’re not always on the same wavelength as your business teams.
Business teams need to know:
- How a security breach will affect the bottom line.
- How much downtime a security breach could cause.
- How a cyber resilient business can positively impact the company’s brand.
If your IT team are responsible for your cybersecurity training, they should do the following:
- Avoid the use of jargon, so everyone can understand them.
- Keep it short and sweet with bitesize training modules.
- Focus on one specific risk at a time, such as phishing emails, or ransomware attacks.
Why your organisation needs cybersecurity training
Around one in five businesses that experienced a cyber attack identified a more sophisticated attack type. But employees who don’t undergo cybersecurity training might not be aware of these emerging threats, and could put your business at risk as a result.
For instance, if an employee clicks on a link in a phishing email, threat actors can steal sensitive information, infect your network with a virus, or block your access until you pay a large sum.
On top of this, you might have to pay a hefty fine for allowing a data breach to occur. You’ll likely experience reputational damage too.
At HTG, we can identify your weaknesses, and provide security recommendations based on industry standards. And, we’ll train your staff so they know what measures to take and why.
Share
