Half UK Employees Have No Cyber Security Training

More than half of UK office workers say their employers have provided no cyber security awareness training, according to ISACA’s 2016 Cyber Security Perceptions study of more than 2,000 UK consumers online.  

More than one in three respondents (36%) say they could not confidently define a phishing attack—a scam in which someone poses as a reputable organisation in email, IM or social media messages to solicit information—and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritize between a fast Internet connection and a secure one, 1 in 3 chose speed.

“It is critically important that we create awareness in cybersecurity and in multiple roles within an organization,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”

Fourteen percent of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient. 

Additionally, more than three-quarters of respondents (76%) don’t know what ransomware is (especially concerning since 93% of phishing attacks now include ransomware, according to a new Phishme report) and nearly two-thirds (62%) could not define a breach, despite high-profile incidents regularly featuring in mainstream UK media.

Despite these findings, the majority of those surveyed are confident in their abilities to protect their own sensitive data (79%) and almost three-quarters (74%) of employees are confident in their employer’s ability to do so.

“Consumers are confident—perhaps overly so—in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organisations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. 

Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Cyber Security Career Perceptions

The survey also revealed perceptions about cyber security as a career track. While more than half of UK consumers (57%) believe cyber security is an important career, fewer than half of respondents (44%) believe these roles are in demand and only 1 in 3 (36%) believes it pays well—surprising findings given that a million cybersecurity positions remain unfilled worldwide, according to Cisco. 

Additionally, HR firm Robert Walters reports that average salaries for cyber security professionals in the UK will rise 14% this year with some increasing by almost 40%.

Nearly one in five say the cybersecurity profession is too male-dominated—an expected perception, given that women hold only 10-25% of all cybersecurity positions, according to recent research. Additionally, nearly one in four (23%) say it is a career “for geeks.”

“Cyber security is an excellent career choice for both men and women who want to play a critical role in their organisations and who are looking to develop a strong mix of business and technical skills—and they can expect to be well compensated for these skills,” said ISACA CEO Matt Loeb.

“These findings show that there is still work to be done in changing the perception of cybersecurity and building a pipeline of qualified cyber security candidates.”

As part of that work, the nonprofit, independent ISACA established Cybersecurity Nexus (CSX), to help organizations develop a skilled cyber security workforce, and to help individuals pursue and advance in cyber security careers.

ISACA

« Shedding Light On The Dark Web
Cybersecurity Is A Boardroom Blind Spot »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

IPCopper

IPCopper

IPCopper specializes in network packet capture appliances for cybersecurity, cybersurveillance and network monitoring, and encrypted data storage.

Arcanum Information Security (AIS)

Arcanum Information Security (AIS)

Arcanum Information Security is a specialist Information Assurance Consultancy and a leading provider of Cyber Security services to UK Defence, UK Government, Enterprise businesses and SMEs.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Nextcloud

Nextcloud

Nextcloud offers offers solutions to the combined need of security and ubiquitous access to data and collaboration technology.

Trustonic

Trustonic

Trustonic is a leader in the device security market. Our mission is to protect apps, secure devices & enable trust.

Project Moore

Project Moore

Project Moore is an Amsterdam law firm specialising in IT-law and privacy.

Asia Center of Excellence for Smart Technologies (ACES)

Asia Center of Excellence for Smart Technologies (ACES)

ACES is a one-stop competency center and incubator for the development of Industry 4.0 and associated technologies including cybersecurity, robotics, IoT and Big Data.

Selectron Systems

Selectron Systems

Selectron offers system solutions for automation in rail vehicles and support in dealing with your railway cyber security challenges.

Unit21

Unit21

Unit21 helps protect businesses against adversaries through a simple API and dashboard for detecting and managing money laundering, fraud, and other sophisticated risks across multiple industries.

Clear Thinking Solutions

Clear Thinking Solutions

Clear Thinking is an IT Solutions company specialising in secure & compliant technical services.

CYTUR

CYTUR

CYTUR provide trusted and secured maritime cybersecurity solutions to keep ships safe, protecting them, their crews, cargo and all stakeholders from maritime cyber threats.

Reaktr.ai

Reaktr.ai

Reaktr.ai is founded on the vision of using AI as a catalyst to propel industries into a future where we redefine what's possible. Fortify your cybersecurity defense with our AI-powered platform.

Proaxiom

Proaxiom

Proaxiom are focused on erasing cyber driven panic paralysis for Small and Medium Enterprises through brilliant cyber technologies which drive productivity and support growth.