Over Confidence In Cyber Security Training Reduces Security

Uploaded on 2024-12-16 in JOBS-Training, FREE TO VIEW

New research by Threat Detection and Response provider, e2e-assure, reveals an alarming disconnect between cyber risk owners and employees within Financial Services, when it comes to cyber security training. 

Despite most (82%) cyber risk owners in this sector being confident employees are engaged in the training they offer, the majority (69%) of workers said they are either only ‘somewhat engaged’ (55%) or ‘not engaged’ (14%) in the training provided by their organisation.

As the sector undergoes digital transformation, and operational efficiencies are increasingly pushed for, staff are experimenting with new tooling to increase their productivity. As a result, most cyber risk owners (76%) are feeling either “very concerned” (25%) or “somewhat concerned” (51%) about the use of AI within their organisation. 
Over one in four cyber risk owners (43%) said their biggest frustration with employees was the use of unauthorised software

The research also found that although most cyber risk owners (80%) are confident in the AI polices they have introduced, there is a clear disconnect between the confidence in these policies and employee understanding. 

  • One in five (20%) of employees stated their company has policies, but admitted they don’t know what they are, and 17% have no idea whether their company has them. 
  • Comparing this year’s findings to e2e-assure’s 2023 research, although 49% of cyber risk owners in Financial Services say resilience is at the top of their agenda this year, up from 34%, speed is now the top priority for the majority (57%).  

This focus on speed over resilience, could suggest that the sector has a closer eye on external threats, jeopardising previous resilience gains if left unchecked.  

  • The research showed that when cyber attacks happen, 43% of Financial Services employees receive a disciplinary and training if they cause a breach, the highest out of all the sectors surveyed. In addition, while 37% have witnessed cyber security incidents happen, only 14% have reported them to IT.
  • But despite cyber risk owners’ confidence in training and AI policies being rolled out, employees revealed the training they are receiving isn’t cutting through, with the vast majority (69%) either only ‘somewhat engaged’ (55%) or ‘not engaged’ (14%) in the training provided by their company.  

In a sector for which speed is of utmost importance, this approach could ironically be slowing companies down, with breaches being framed as individual failures, and employees afraid to report cyber malpractice due to a reactive focus on disciplinaries.   

The data also highlights how cyber risk owners’ confidence in training programmes may be causing them to overlook gaps in the process. The research revealed employees are not receiving the style of training that resonates with them.

Employees in this sector are less likely to receive real-life scenario training (39%), despite a huge majority (82%) of workers stating they would be more engaged if they did. Rob Demain, Founder and CEO at e2e-assure, said: 
“Our research paints a picture of a sector that is overly focused on external threats, rather than fully understanding the risks from within such as employees being unaware of AI policies and therefore using unauthorised software that could jeopardise a company’s security... This sector’s reactive approach to cyber defence and employee training, perhaps understandable in an industry which prioritises speed due to high stakes, is having the unintended consequence of increasing cyber risk...   

“Data attacks such as phishing are becoming more frequent in the Financial Services sector. To ensure future resilience, cyber risk owners must turn their attention to how to mitigate this risk through effective, tailored employee training.” 

The findings show it’s vital for cyber risk owners to start looking at their resilience picture from the ground up, with four key recommendations emerging: 

  1. Tailor training to engage employees 
  2. Create a security awareness culture 
  3. Use automation to reduce human error 
  4. Have the right provider in place 

To read the full report, click HERE:- 

Image: Ideogram

You Might Also Read:

Boards Need To Step Up Or Risk Cybersecurity Fines:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 

« Turning The Weakest Link Into Cybersecurity’s Strongest Line Of Defence 
Fiber Optic Switches: Powering Secure, High-Speed Networks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

SISA

SISA

SISA is a global forensics-driven cybersecurity solutions company, trusted by leading organizations for securing their businesses with robust preventive and corrective cybersecurity solutions.

Focal Point Data Risk

Focal Point Data Risk

Focal Point is a pure-play data risk management provider capable of offering end-to-end consulting, implementation, and training services.

Jiran Security

Jiran Security

Jiran Security provides data and application security solution over email, mobile device and endpoints.

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

Quorum Cyber

Quorum Cyber

Quorum Cyber offer end-to-end cyber security solutions, specialising in Managed Security Services, Consulting and Resourcing.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

CRI4DATA

CRI4DATA

CRI4DATA's mission is to help organizations build their resilience to cyber risk.

ThreatSwitch

ThreatSwitch

ThreatSwitch a software platform for cleared federal contractors to get and stay compliant with NISPOM and Conforming Change 2.

Athreon

Athreon

Athreon utilizes a fusion of AI technology, human interpretation, and the latest in cybersecurity to deliver sound business solutions that help our clients make better data-driven decisions.

SolCyber

SolCyber

SolCyber, a Forgepoint company, is the first modern MSSP to deliver a curated stack of enterprise strength security tools and services that are accessible and affordable for any organization.

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) - Oman

National Security Services Group (NSSG) is Oman's leading and only proprietary Cybersecurity consultancy firm and Managed Security Services Provider.

Ipstack

Ipstack

Ipstack offers one of the leading IP to geolocation APIs and global IP database services worldwide. Protect your site and web application by detecting proxies, crawlers or tor users at first glance.

Chugach Government Solutions (CGS)

Chugach Government Solutions (CGS)

CGS performs work for the Federal Government across 4 unique core lines of business, including: Facilities Management and Maintenance, Construction, Technical IT and Cyber Services, and Educational Se

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.