Over Confidence In Cyber Security Training Reduces Security

Uploaded on 2024-12-16 in JOBS-Training, FREE TO VIEW

New research by Threat Detection and Response provider, e2e-assure, reveals an alarming disconnect between cyber risk owners and employees within Financial Services, when it comes to cyber security training. 

Despite most (82%) cyber risk owners in this sector being confident employees are engaged in the training they offer, the majority (69%) of workers said they are either only ‘somewhat engaged’ (55%) or ‘not engaged’ (14%) in the training provided by their organisation.

As the sector undergoes digital transformation, and operational efficiencies are increasingly pushed for, staff are experimenting with new tooling to increase their productivity. As a result, most cyber risk owners (76%) are feeling either “very concerned” (25%) or “somewhat concerned” (51%) about the use of AI within their organisation. 
Over one in four cyber risk owners (43%) said their biggest frustration with employees was the use of unauthorised software

The research also found that although most cyber risk owners (80%) are confident in the AI polices they have introduced, there is a clear disconnect between the confidence in these policies and employee understanding. 

  • One in five (20%) of employees stated their company has policies, but admitted they don’t know what they are, and 17% have no idea whether their company has them. 
  • Comparing this year’s findings to e2e-assure’s 2023 research, although 49% of cyber risk owners in Financial Services say resilience is at the top of their agenda this year, up from 34%, speed is now the top priority for the majority (57%).  

This focus on speed over resilience, could suggest that the sector has a closer eye on external threats, jeopardising previous resilience gains if left unchecked.  

  • The research showed that when cyber attacks happen, 43% of Financial Services employees receive a disciplinary and training if they cause a breach, the highest out of all the sectors surveyed. In addition, while 37% have witnessed cyber security incidents happen, only 14% have reported them to IT.
  • But despite cyber risk owners’ confidence in training and AI policies being rolled out, employees revealed the training they are receiving isn’t cutting through, with the vast majority (69%) either only ‘somewhat engaged’ (55%) or ‘not engaged’ (14%) in the training provided by their company.  

In a sector for which speed is of utmost importance, this approach could ironically be slowing companies down, with breaches being framed as individual failures, and employees afraid to report cyber malpractice due to a reactive focus on disciplinaries.   

The data also highlights how cyber risk owners’ confidence in training programmes may be causing them to overlook gaps in the process. The research revealed employees are not receiving the style of training that resonates with them.

Employees in this sector are less likely to receive real-life scenario training (39%), despite a huge majority (82%) of workers stating they would be more engaged if they did. Rob Demain, Founder and CEO at e2e-assure, said: 
“Our research paints a picture of a sector that is overly focused on external threats, rather than fully understanding the risks from within such as employees being unaware of AI policies and therefore using unauthorised software that could jeopardise a company’s security... This sector’s reactive approach to cyber defence and employee training, perhaps understandable in an industry which prioritises speed due to high stakes, is having the unintended consequence of increasing cyber risk...   

“Data attacks such as phishing are becoming more frequent in the Financial Services sector. To ensure future resilience, cyber risk owners must turn their attention to how to mitigate this risk through effective, tailored employee training.” 

The findings show it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with four key recommendations emerging: 

  1. Tailor training to engage employees 
  2. Create a security awareness culture 
  3. Use automation to reduce human error 
  4. Have the right provider in place 

To read the full report, click HERE:- 

Image: Ideogram

You Might Also Read:

Boards Need To Step Up Or Risk Cybersecurity Fines:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Turning The Weakest Link Into Cybersecurity’s Strongest Line Of Defence 
Fiber Optic Switches: Powering Secure, High-Speed Networks »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Oxygen Forensics

Oxygen Forensics

Oxygen Forensics offer the most advanced forensic data examination tools for mobile devices and cloud services.

Logicalis

Logicalis

Logicalis are a leading provider of global IT solutions and managed services.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Information-Technology Promotion Agency (IPA) - Japan

Information-Technology Promotion Agency (IPA) - Japan

IPA is an implementing agency in Japan with a role to address Information Security, IT Systems Reliability and IT Resource Development.

Usenix

Usenix

Usenix brings together the community of engineers, system administrators, scientists, and technicians working on the cutting edge of computing.

Remediant

Remediant

Remediant is the leader in Precision Privileged Access Management. We protect organizations from ransomware and data theft via stolen credentials and lateral movement.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

National Digital Exploitation Centre (NDEC) - United Kingdom

National Digital Exploitation Centre (NDEC) - United Kingdom

NDEC is a project to create a centre of cyber and digital development and education for the UK. It will offer training in digital practices, cyber security and research.

International Data Sanitization Consortium (IDSC)

International Data Sanitization Consortium (IDSC)

IDSC is a group composed of individuals and companies dedicated to standardizing terminology and practices across the data sanitization industry.

Agile Underwriting

Agile Underwriting

Agile, an underwriting agency, insurtech and Coverholder at Lloyd's, provides niche insurance products across Aviation, Marine & Cargo, Cyber and Financial Lines.

Mage Data

Mage Data

Mage (formerly Mentis Software) is a leading solutions provider for data security and data privacy software for global enterprises.

M.Tech

M.Tech

M.Tech is a leading cyber security and network performance solutions provider. We work with leading vendors to bring optimal solutions to the market through a channel of reseller partners.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

RELIANOID

RELIANOID

RELIANOID is an application delivery controller and load balancing system that ensures high performance and security of IT services on a massive scale.

Common Good Cyber

Common Good Cyber

Common Good Cyber is an initiative to strengthen global cybersecurity by supporting organisations that deliver core cybersecurity services that protect the Internet as a whole.