
One in five employees have never had cybersecurity training, finds report

And more than half aren’t trained on how to spot phishing.

A new report released by KnowBe4 has revealed an alarming lack of cybersecurity training in UK workplaces.

The security awareness training and simulated phishing platform’s latest UK Cybersecurity Practices at Work report, which examines workplace cybersecurity behaviours, found that many staff had not received training in various core cybersecurity best practices.

Specifically, 48 per cent have never been trained on creating strong passwords and 51 per cent have not received training on avoiding phishing scams. Almost one in five (18 per cent) have never received any form of cybersecurity training from their companies.

Other cybersecurity practices that employees are yet to receive training on include:

•    Remote working best practices (60 per cent).

•    What to do if your credentials have been breached (66 per cent).

•    Social engineering (82 per cent).

•    Deepfakes and AI (83 per cent).

•    Bring your own device (84 per cent).

“Making the UK a safer place to do business is a shared responsibility and if organisations are equipping employees with computers to do their jobs, they also should be empowering them with the tools and knowledge to use them securely,” said Javvad Malik, lead security awareness advocate at KnowBe4. “The technology landscape is changing all the time, therefore, not including training on new areas such as deepfakes and AI, could be putting UK organisations at further risk of cybercrime.”

When it comes to following the cybersecurity advice provided by their organisations, almost three-quarters said that they always or often follow it. However, one in four workers sometimes, rarely or never follow cybersecurity advice.

Several reasons contribute to employees not following cybersecurity advice, with 29 per cent admitting that they forget to adhere to the correct practices. Additionally, 22 per cent find cybersecurity advice too complicated to follow, and 14 per cent believe that it isn’t their responsibility to keep work systems safe.

Other notable statistics from the report include:

•    Only 42 per cent of UK workers have read and signed their workplace’s cybersecurity policy.

•    One-third of respondents admitted that they or a colleague have bypassed a cybersecurity prompt/best practice in order to get a job done quicker.

•    More than one in four (27 per cent) said they or a colleague have used an app not approved by their organisation to get a task done.

•    Only 37 per cent of UK workers responded that they strongly agreed with the statement “I know what my organisation expects from me when it comes to cybersecurity best practices at work, and I act accordingly”.
 
“Adopting the core cybersecurity practices and providing thorough training to employees should be a priority for organisations to reduce the chance of breaches in the future,” Malik said. “Yet, if organisations aren’t getting the message through, it may be time for a new approach, since it is also clear that employees aren’t worried enough about the consequences of breaches and don’t seem to be taking the issue seriously. It is vital that employees are given useful, clear training to highlight the importance of using the correct behaviours when working in the office and from home.” 
 
