Half UK Employees Have No Cyber Security Training

Uploaded on 2016-08-03 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

More than half of UK office workers say their employers have provided no cyber security awareness training, according to ISACA’s 2016 Cyber Security Perceptions study of more than 2,000 UK consumers online.  

More than one in three respondents (36%) say they could not confidently define a phishing attack—a scam in which someone poses as a reputable organisation in email, IM or social media messages to solicit information—and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritize between a fast Internet connection and a secure one, 1 in 3 chose speed.

“It is critically important that we create awareness in cybersecurity and in multiple roles within an organization,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”

Fourteen percent of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient. 

Additionally, more than three-quarters of respondents (76%) don’t know what ransomware is (especially concerning since 93% of phishing attacks now include ransomware, according to a new Phishme report) and nearly two-thirds (62%) could not define a breach, despite high-profile incidents regularly featuring in mainstream UK media.

Despite these findings, the majority of those surveyed are confident in their abilities to protect their own sensitive data (79%) and almost three-quarters (74%) of employees are confident in their employer’s ability to do so.

“Consumers are confident—perhaps overly so—in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organisations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. 

Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Cyber Security Career Perceptions

The survey also revealed perceptions about cyber security as a career track. While more than half of UK consumers (57%) believe cyber security is an important career, fewer than half of respondents (44%) believe these roles are in demand and only 1 in 3 (36%) believes it pays well—surprising findings given that a million cybersecurity positions remain unfilled worldwide, according to Cisco. 

Additionally, HR firm Robert Walters reports that average salaries for cyber security professionals in the UK will rise 14% this year with some increasing by almost 40%.

Nearly one in five say the cybersecurity profession is too male-dominated—an expected perception, given that women hold only 10-25% of all cybersecurity positions, according to recent research. Additionally, nearly one in four (23%) say it is a career “for geeks.”

“Cyber security is an excellent career choice for both men and women who want to play a critical role in their organisations and who are looking to develop a strong mix of business and technical skills—and they can expect to be well compensated for these skills,” said ISACA CEO Matt Loeb.

“These findings show that there is still work to be done in changing the perception of cybersecurity and building a pipeline of qualified cyber security candidates.”

As part of that work, the nonprofit, independent ISACA established Cybersecurity Nexus (CSX), to help organizations develop a skilled cyber security workforce, and to help individuals pursue and advance in cyber security careers.

ISACA

« Shedding Light On The Dark Web
Cybersecurity Is A Boardroom Blind Spot »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Security Current

Security Current

Security Current's proprietary content and events provide insight, actionable advice and analysis giving executives the latest information to make knowledgeable decisions.

Computer Laboratory - University of Cambridge

Computer Laboratory - University of Cambridge

Computer security has been among the Laboratory’s research interests for many years, along with related topics such as cryptology

ObserveIT

ObserveIT

ObserveIT helps companies identify & eliminate insider threats. Visually monitor & quickly investigate with our easy-deploy user activity monitoring solution.

Norwegian Business & Industry Security Council (NSR)

Norwegian Business & Industry Security Council (NSR)

NSR is a member organization serving the Norwegian business sector in an advisory capacity on matters relating to crime and security including cyber.

Terranova Security

Terranova Security

Terranova is dedicated to providing information security awareness programs customized to your internal policies and procedures.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

CIRISK

CIRISK

CIRISK offers a wide range of services from consulting to audit or project management to help you develop your cyber security or information security strategy.

MagicCube

MagicCube

MagicCube is a device independent IoT security platform that protects against on-device, cloud, and network attacks.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

KETS Quantum Security

KETS Quantum Security

KETS harnesses the properties of quantum mechanics to solve challenging problems in randomness generation and secure key distribution and enable ultra secure communications.

HENSOLDT Cyber

HENSOLDT Cyber

HENSOLDT Cyber introduces a paradigm shift to cyber security. Our products have been designed to ensure the integrity of embedded systems at the core: the operating system and the processor.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

Oz Forensics

Oz Forensics

Oz Forensics is a global leader in preventing biometric and deepfake fraud. It is a developer of facial Liveness detection for Antifraud Biometric Software with high expertise in the Fintech market.

Calamu

Calamu

Calamu is a software-defined storage security and resiliency platform that keeps your data secure and accessible wherever you choose to store it.

BCX

BCX

BCX, a subsidiary within Telkom Group, is one of Africa’s largest systems integrator and digital transformation partners for enterprises and public sector organisations.

Zanutix Consulting

Zanutix Consulting

Zanutix specialize in a wide range of services including Network Design and Implementation, Data Management, Cloud Solutions, Software Development and Cybersecurity.