An average of 41 per cent of UK employees across all sectors are yet to receive adequate cybersecurity training. This is leaving businesses and individuals vulnerable to attacks, according to a recent study by Specops Software. The travel and hospitality sector had the worst record, with 84 per cent stating they had not received sufficient training. These findings were revealed not long after easyJet suffered a data breach where nine million customers’ details were accessed.
The survey, which involved 1342 businesses across 11 sectors in the UK, also revealed that 69 per cent of workers in education and training are yet to receive acceptable cybersecurity training from their employers, as well as 56 per cent in customer service, 47 per cent in marketing, advertising and PR, 42 per cent for medical and health, and 37 per cent in creative arts and design.
Industries with the highest levels of adequate training were legal services at 16 per cent, recruitment, and HR at 19 per cent, and accountancy, banking and finance at 23 per cent.
These results are particularly concerning considering the recent spike in attacks in areas such as healthcare during COVID-19 and education. Earlier this year, the ICO revealed that 90 per cent of cyber data breaches in 2019 was down to human error.
It does seem that there has been more focus on cybersecurity training in response to COVID-19. 21 per cent of respondents stated that they had received more training since the beginning of the crisis. However, the analysis also found that only 29 per cent of business sectors have initiated additional cybersecurity training since the pandemic. This is despite the additional risks posts by the recent surge in remote working.
Darren James, a cybersecurity expert at Specops Software, commented: “The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cybersecurity training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring via training at work, the less likely people, in general, will fall victim to these crimes.”