An average of 41% of UK employees across all sectors have not received adequate cybersecurity training, which is leaving businesses and individuals vulnerable to attacks, according to a new study by Specops Software.
Travel and hospitality was the sector with the worst record, with 84% of staff stating they have not received sufficient training. The findings come just weeks after easyJet suffered a data breach in which details of nine million of its customers were accessed.
The survey of 1342 businesses across 11 different sectors in the UK also discovered that 69% of workers in education and training have not received adequate cybersecurity training from their employers, with the figure 56% for those in customer service, 47% in marketing, advertising and PR, 42% for medical and health, and 37% in the creative arts and design sector.
The industries which had the highest levels of adequate cybersecurity training according to the study were legal services (16%), recruitment and HR (19%) and accountancy, banking and finance (23%).
The results are especially concerning considering the recent spike in attacks in areas such as education and, during COVID-19, healthcare. Earlier this year, the UK Information Commissioner’s Office (ICO) revealed that human error was the cause of 90% of cyber data breaches in 2019.
There does appear to have been a bigger emphasis on cybersecurity training as a result of COVID-19, with 21% of respondents stating they had been trained a lot more since the crisis began.
However, the analysis also found just 29% of business sectors have initiated additional cybersecurity training since the pandemic, despite the additional risks posed by the recent surge in remote working.
Darren James, cybersecurity expert at Specops Software, commented:
“The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cybersecurity training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring via training at work, the less likely people, in general, will fall victim to these crimes.”
We’re Team Metalogic, a managed IT support provider offering outsourced IT services to SME’s across the UK. With a proven track record, with extensive experience and a full portfolio of industry accreditations & certifications.
Our stress-free solutions don’t complicate things, in fact, they improve efficiency and save money.
Share this page
Joshua joined the team last year as Service Desk Engineer and since joining us he’s gone from strength to strength within the company. At Team Metalogic we are committed to helping our colleagues grow and develop in order to excel in their careers, and Joshua is no exception.
HIPAA is short for the Health Insurance Portability and Accountability Act. It’s a federal law in the US, creating national standards for protecting sensitive patient health information.
Protecting your data is crucial: any data lost or attacked compromises you and your organisation. Cyber security is the practice of defending your IT and telecommunications from any malicious attacks.
Passwordless authentication is any way in which a user’s identity can be verified without the need for a password.