Most SMEs Do Not Provide Cyber Security Training
Small and Medium Enterprises (SME)s face a growing range of cyber security threats and the latest Report by Software Advice highlights the fact that 62% of SME leaders in Briatain have observed a significant increase in cyber threats in the last 2 years.
Despite the proliferation of cyber attacks, 48% of managers surveyed admitted that their employees have not received any cyber security training in the last 2 years. The evidence strongly suggests that SMEs are not doing enough to protect themselves.
The study reveals that 22% of SMEs have fallen victim to 1 or more cyber attacks between 2020-2021. Of this increase in attacks, the most common came in the form of phishing (at 57%), followed by malware (54%). Furthemore:
- 32% of managers claimed to not have a cyber security program within their company.
- 50% of SMEs do not have a formal cyber security incident response plan in place.
- 60% do not have any employee cyber security training.
- 24%admitted to never having conducted a security audit.
- 35% of managers stated that, in case of an attack, they wouldn’t know what to do or how to report it.
The majority of business leaders think that their employees have too much access to company data and that their biggest concern is about protecting customer data, particularly names, contact information and credit card details.
- 25% of respondents stated that their employees don’t have access to all data, but to more data than is strictly necessary to perform their job.
- 23% admitted that employees have access to all company data.
Considering that over 60% of SMEs have experienced an increase in cyber threats in the last 2 years, it becomes clear that inadequate cyber security measures are a major risk for many SMEs.
- 48% of respondents have not received any recent cyber security training.
- 38% of respondents stated that a lack of budget was the main barrier preventing companies from being able to protect themselves against cyber attacks.
- 33% referred to a lack of skilled IT personnel.
- 27% blames low-security awareness among employees.
As cyber attacks are becoming more common as companies and their customers share more data online and remote working compromises company security systems, the lack of adequate cyber security training for employees more should be a much more urgent priority for SMEs.
FCC.Gov: Gov.UK: Software Advice: FE News: FSB Skills Hub:
You Might Also Read:
Is Cyber Training Fit For Purpose?: