Half UK Employees Have No Cyber Security Training

More than half of UK office workers say their employers have provided no cyber security awareness training, according to ISACA’s 2016 Cyber Security Perceptions study of more than 2,000 UK consumers online.  

More than one in three respondents (36%) say they could not confidently define a phishing attack—a scam in which someone poses as a reputable organisation in email, IM or social media messages to solicit information—and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritize between a fast Internet connection and a secure one, 1 in 3 chose speed.

“It is critically important that we create awareness in cybersecurity and in multiple roles within an organization,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”

Fourteen percent of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient. 

Additionally, more than three-quarters of respondents (76%) don’t know what ransomware is (especially concerning since 93% of phishing attacks now include ransomware, according to a new Phishme report) and nearly two-thirds (62%) could not define a breach, despite high-profile incidents regularly featuring in mainstream UK media.

Despite these findings, the majority of those surveyed are confident in their abilities to protect their own sensitive data (79%) and almost three-quarters (74%) of employees are confident in their employer’s ability to do so.

“Consumers are confident—perhaps overly so—in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organisations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. 

Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Cyber Security Career Perceptions

The survey also revealed perceptions about cyber security as a career track. While more than half of UK consumers (57%) believe cyber security is an important career, fewer than half of respondents (44%) believe these roles are in demand and only 1 in 3 (36%) believes it pays well—surprising findings given that a million cybersecurity positions remain unfilled worldwide, according to Cisco. 

Additionally, HR firm Robert Walters reports that average salaries for cyber security professionals in the UK will rise 14% this year with some increasing by almost 40%.

Nearly one in five say the cybersecurity profession is too male-dominated—an expected perception, given that women hold only 10-25% of all cybersecurity positions, according to recent research. Additionally, nearly one in four (23%) say it is a career “for geeks.”

“Cyber security is an excellent career choice for both men and women who want to play a critical role in their organisations and who are looking to develop a strong mix of business and technical skills—and they can expect to be well compensated for these skills,” said ISACA CEO Matt Loeb.

“These findings show that there is still work to be done in changing the perception of cybersecurity and building a pipeline of qualified cyber security candidates.”

As part of that work, the nonprofit, independent ISACA established Cybersecurity Nexus (CSX), to help organizations develop a skilled cyber security workforce, and to help individuals pursue and advance in cyber security careers.

ISACA

« Shedding Light On The Dark Web
Cybersecurity Is A Boardroom Blind Spot »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Bufferzone Security

Bufferzone Security

Bufferzone is a patented containment solution that defends endpoints against advanced malware and zero-day attacks while maximizing user and IT productivity.

Cyanre

Cyanre

Cyanre delivers state of the art cyber forensic services through software technologies and procedures that exceed conformities of major law enforcement agencies across the globe.

Sapien Cyber

Sapien Cyber

Sapien Cyber is an Australian company bringing leading-edge cyber security and threat intelligence solutions.

Awake Security

Awake Security

Awake Security offer a security solution built on an AI platform that acts like the human brain to sense, detect, and respond to threats you may not even know exist.

SafeLogic

SafeLogic

SafeLogic provides strong encryption products for solutions in mobile, server, Cloud, appliance, wearable, and IoT environments that are pursuing compliance to strict regulatory requirements.

IoTsploit

IoTsploit

IoTsploit provides 20/20 visibility of network connections, protecting critical infrastructure assets from IoT vulnerabilities.

Thridwayv

Thridwayv

Thirdwayv helps your enterprise realize the full potential of loT connectivity. All while neutralizing security threats that can run ruin the customer experience - and your reputation.

Stratus Technologies

Stratus Technologies

Edge Computing solves the inherent challenges of bandwidth, latency, and security at edge locations to enable IIoT devices and data acquisition.

Twingate

Twingate

Twingate help organizations secure and manage access to their technology resources in a world where people work from anywhere.

Jit

Jit

Jit empowers developers to own security for the product they are building from day zero.

Cyber Ranges

Cyber Ranges

Cyber Ranges is the next-generation cyber range for the development of cyber capabilities and the validation of cyber security skills and organizational cyber resilience.

Privasee

Privasee

Make GDPR compliance simple with Privasee. Our software makes it easy to protect your data and ensure you’re compliant with the new regulations.

EkoCyber

EkoCyber

EkoCyber partner with businesses as a value-added MSSP to provide top-tier, trusted and transparent cyber security services at an affordable price point.

Paramount Defenses

Paramount Defenses

Paramount Defenses have unrivaled capability in two of the most critical areas in cyber security today – Active Directory Security and Privileged Access.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.