As business threat landscape heightens, UK businesses must prioritise cybersecurity training

• Only 45% of UK businesses provide cybersecurity training to all employees
• Less than half (49%) of businesses provide cyberattack prevention training for their IT teams
• Nearly two-thirds (65%) of IT security decision makers admit their organisation is complacent when it comes to cybersecurity

As the threat landscape continues to evolve, threatening businesses of all sizes, new research from Kaspersky has found that not even half of UK businesses provide cybersecurity training for all employees. This highlights the need for more education and ongoing training around cybercrime mitigation.

The business landscape is turning into a battleground for companies of all shapes and sizes in the current Covid-19 climate – whilst cybersecurity threats are continuing to rise. The recent UK government Cyber Security Breaches Survey 2020 has revealed that almost half of businesses (46%) report having cyber security breaches or attacks in the last 12 months – 36% of which experience these issues at least once a week. But despite these threats, only 45% of UK businesses are providing cybersecurity training to all employees, new research from cybersecurity firm Kaspersky has revealed. That’s in addition to findings that the average cost of a data breach now estimated to be around £3 million per incident – demonstrating the immense financial risks for organisations not investing in adequate cybersecurity measures. 

With education and ongoing training being key to companies maintaining a good cybersecurity hygiene – minimising the risks of employees becoming insider threats, and unwittingly clicking on malicious links or files – it’s crucial for businesses for recognise their importance. This imperative for education and training is particularly highlighted by another alarming finding from Kaspersky: that nearly two-thirds (65%) of IT security decision-makers admit their organisation is complacent about the protection of its customers’ data. 

The need for businesses to place more emphasis on cybersecurity overall is clear, according to David Emm, principal security researcher at Kaspersky, who says more education is needed, including a company-wide culture shift across businesses of all sizes and sectors.  

“Businesses are prepared to take a risk until something happens – but it’s important to flip that mindset and focus instead on prevention. That includes making the essentials, like training, mandatory. Cybersecurity is a very small part of an overall regulation; it comes back to education, understanding what you can be affected by, what your responsibility is, and how security solutions can help you defend against cyberthreats. Education is crucial in ensuring consumer data is securely protected, and to ward off costly cyber-attacks. Businesses must do more to ensure this is achieved, especially given that the costs of an attack hugely outweigh the costs for education and ongoing training,” comments David Emm.   

This is a sentiment backed up those in the IT industry. Three-quarters (78%) of IT security decision makers admit that most organisations in the UK need to do more to protect customers’ data security. In addition, 13% claim that their organisation’s budget for cyberattack prevention is less than adequate. In a rather damning assessment of the lack of action businesses are taking against cyberattacks, Kaspersky also found that a staggering 84% chief information security officers in the UK believe that a cyberattack on their company is ‘inevitable’.  

“Training is crucial: after all, if staff are trained, they become the strongest link defending breaches – rather than a chink in a company’s armour. But if an organisation is not effecting top-down change, then it is potentially overlooking poor practice and behaviours. Put simply, all organisations have a responsibility to protect consumer data. It is not enough for organisation to admit attacks are inevitable without then working to prepare an adequate response and improve resilience. Organisations should be looking to ensure that their employees are educated in best cybersecurity practices, and continually receive training and support to ensure best practice is maintained. After all, the threat landscape is continually shifting – and organisations must shift with it,” comments Dan Patefield, head of programme, Cyber and National Security, techUK.   

ENDS 

About Kaspersky  

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialised security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

About techUK

techUK is the UK’s leading technology membership organisation, with more than 850 members spread across the UK. We are a network that enables our members to learn from each other and grow in a way which contributes to the country both socially and economically.;

Research methodology 

Kaspersky commissioned Arlington Research to undertake quantitative research amongst 200 IT security decision makers across the UK from organisations with 50+ employees.