Kaspersky reveals that despite well-documented cyberthreats, not even half of UK businesses provide cybersecurity training
April 2020 by Kaspersky
As the threat landscape continues to evolve, threatening businesses of all sizes, new research from Kaspersky has found that not even half of UK businesses provide cybersecurity training for all employees. This highlights the need for more education and ongoing training around cybercrime mitigation.
The business landscape is turning into a battleground for companies of all shapes and sizes in the current Covid-19 climate – whilst cybersecurity threats are continuing to rise. The recent UK government Cyber Security Breaches Survey 2020 has revealed that almost half of businesses (46%) report having cyber security breaches or attacks in the last 12 months – 36% of which experience these issues at least once a week. But despite these threats, only 45% of UK businesses are providing cybersecurity training to all employees, new research from cybersecurity firm Kaspersky has revealed. That’s in addition to findings that the average cost of a data breach is now estimated to be around £3 million per incident – demonstrating the immense financial risks for organisations not investing in adequate cybersecurity measures.
With education and ongoing training being key to companies maintaining good cybersecurity hygiene – minimising the risks of employees becoming insider threats, and unwittingly clicking on malicious links or files – it’s crucial for businesses to recognise their importance. This imperative for education and training is particularly highlighted by another alarming finding from Kaspersky: that nearly two-thirds (65%) of IT security decision-makers admit their organisation is complacent about the protection of its customers’ data.
The need for businesses to place more emphasis on cybersecurity overall is clear, according to David Emm, principal security researcher at Kaspersky, who says more education is needed, including a company-wide culture shift across businesses of all sizes and sectors.
“Businesses are prepared to take a risk until something happens – but it’s important to flip that mindset and focus instead on prevention. That includes making the essentials, like training, mandatory. Cybersecurity is a very small part of an overall regulation; it comes back to education, understanding what you can be affected by, what your responsibility is, and how security solutions can help you defend against cyberthreats. Education is crucial in ensuring consumer data is securely protected, and to ward off costly cyber-attacks. Businesses must do more to ensure this is achieved, especially given that the costs of an attack hugely outweigh the costs for education and ongoing training,” comments David Emm.
This is a sentiment backed up by those in the IT industry. Three-quarters (78%) of IT security decision makers admit that most organisations in the UK need to do more to protect customers’ data security. In addition, 13% claim that their organisation’s budget for cyberattack prevention is less than adequate. In a rather damning assessment of the lack of action businesses are taking against cyberattacks, Kaspersky also found that a staggering 84% of chief information security officers in the UK believe that a cyberattack on their company is ‘inevitable’.
“Training is crucial: after all, if staff are trained, they become the strongest link defending breaches – rather than a chink in a company’s armour. But if an organisation is not effecting top-down change, then it is potentially overlooking poor practice and behaviours. Put simply, all organisations have a responsibility to protect consumer data. It is not enough for organisations to admit attacks are inevitable without then working to prepare an adequate response and improve resilience. Organisations should be looking to ensure that their employees are educated in best cybersecurity practices, and continually receive training and support to ensure best practice is maintained. After all, the threat landscape is continually shifting – and organisations must shift with it,” comments Dan Patefield, head of programme, Cyber and National Security, techUK.