Terranova Security by HelpSystems, a global leader in security awareness training, has published the results of a study that showcases the level of cyber security awareness among workers in the UK, France, U.S., Australia and Canada.
The study, conducted in partnership with research company Ipsos, surveyed 500 UK employees. It concluded there is confusion among employees over who is responsible for protecting company data. Despite the fact that human error causes 95% of cyber issues, 81% of UK employees believe it’s the IT department’s responsibility.
In addition, 1 in 4 employees do not think cyber security is necessary for them, and 18% believe they can’t be targeted at all by cybercriminals. The findings come at a time when the danger from a data breach is at an all-time high – businesses suffered 50% more ransomware attacks in 2021 compared to 2020. As of 2022, the average cost of a data breach to a large organisation increased to $4.35 million.
The research also highlighted that UK businesses aren't doing enough to support their employees when it comes to providing education on common cyber threats and security best practices. Only 42% of employees say they work in a company where cyber security awareness training is mandatory. Of the 44% who haven’t participated in any cyber security training, nearly a third (31%) indicated that their company doesn’t offer any relevant training.
These low training rates aren’t due to a lack of interest from employees, as 76% believe cyber security training is interesting, and 56% have started or completed the training when it’s offered to them.
“It’s concerning to see such a high percentage of employees who believe a company’s cyber security is not their responsibility – especially in larger organisations,” said Theo Zafirakos, Chief Information Security Officer, Terranova Security. “It’s clear that many British businesses have room to grow security awareness training strategies, especially in the face of rising cybercrime. Our research also shows there’s still quite some work to do on educating people about the important role they play in protecting data at work. These people are the first line of defence against any cyber-attack, and on a positive note, our research demonstrates a strong appetite for learning more about it. By taking responsibility to invest more in education and build a security-aware culture around data protection within the business, companies will set up a powerful barrier against any cyber threats.”
