Half UK Employees Have No Cyber Security Training

Uploaded on 2016-08-03 in NEWS-Cybersecurity News, JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

More than half of UK office workers say their employers have provided no cyber security awareness training, according to ISACA’s 2016 Cyber Security Perceptions study of more than 2,000 UK consumers online.  

More than one in three respondents (36%) say they could not confidently define a phishing attack—a scam in which someone poses as a reputable organisation in email, IM or social media messages to solicit information—and one in five (19%) have fallen prey to phishing emails. Additionally, when asked to prioritize between a fast Internet connection and a secure one, 1 in 3 chose speed.

“It is critically important that we create awareness in cybersecurity and in multiple roles within an organization,” said Christos Dimitriadis, Ph.D., CISA, CISM, CRISC, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”

Fourteen percent of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient. 

Additionally, more than three-quarters of respondents (76%) don’t know what ransomware is (especially concerning since 93% of phishing attacks now include ransomware, according to a new Phishme report) and nearly two-thirds (62%) could not define a breach, despite high-profile incidents regularly featuring in mainstream UK media.

Despite these findings, the majority of those surveyed are confident in their abilities to protect their own sensitive data (79%) and almost three-quarters (74%) of employees are confident in their employer’s ability to do so.

“Consumers are confident—perhaps overly so—in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organisations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. 

Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”

Cyber Security Career Perceptions

The survey also revealed perceptions about cyber security as a career track. While more than half of UK consumers (57%) believe cyber security is an important career, fewer than half of respondents (44%) believe these roles are in demand and only 1 in 3 (36%) believes it pays well—surprising findings given that a million cybersecurity positions remain unfilled worldwide, according to Cisco. 

Additionally, HR firm Robert Walters reports that average salaries for cyber security professionals in the UK will rise 14% this year with some increasing by almost 40%.

Nearly one in five say the cybersecurity profession is too male-dominated—an expected perception, given that women hold only 10-25% of all cybersecurity positions, according to recent research. Additionally, nearly one in four (23%) say it is a career “for geeks.”

“Cyber security is an excellent career choice for both men and women who want to play a critical role in their organisations and who are looking to develop a strong mix of business and technical skills—and they can expect to be well compensated for these skills,” said ISACA CEO Matt Loeb.

“These findings show that there is still work to be done in changing the perception of cybersecurity and building a pipeline of qualified cyber security candidates.”

As part of that work, the nonprofit, independent ISACA established Cybersecurity Nexus (CSX), to help organizations develop a skilled cyber security workforce, and to help individuals pursue and advance in cyber security careers.

ISACA

« Shedding Light On The Dark Web
Cybersecurity Is A Boardroom Blind Spot »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Cloudera

Cloudera

Cloudera provide the world’s fastest, easiest, and most secure data platform built on Hadoop.

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

Nubo Software

Nubo Software

Nubo’s Virtual Mobile Infrastructure creates a virtual corporate device on your employee smartphones and tablets. Enable unlimited mobility without leaving any data at risk.

Auxilium Cyber Security

Auxilium Cyber Security

Auxilium Cyber Security is independent information security consultancy company providing cyber security services tailored to meet the evolving needs of organizations worldwide.

SoSafe

SoSafe

SoSafe empowers organizations to build a security culture and mitigate risk with its GDPR-compliant awareness programs.

Recruit.net

Recruit.net

Recruit.net allows job seekers to instantly find millions of jobs from thousands of web sites with a single search.

EMnify

EMnify

EMnify is a Software-as-a-Service (SaaS) company, revolutionizing cellular Internet of Things (IoT).

CyCraft Technology Corp

CyCraft Technology Corp

CyCraft is an AI company that forges the future of cybersecurity resilience through autonomous systems and human-AI collaboration.

Secuvant

Secuvant

Secuvant is an independent IT Security firm providing enterprise-grade IT security services to mid-market organizations.

Skudo

Skudo

Skudo is dedicated to creating innovative best-in-class solutions that protect data exchange with the highest level of security and privacy.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

Avalor

Avalor

Avalor are on a mission to help security teams make faster, more accurate decisions by making sense of their data. With Avalor you can bring in data from anywhere, normalize it and analyze it.

eMudhra

eMudhra

eMudhra is a leader in Identity and Transaction Management Solutions.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

XBOW

XBOW

XBOW brings AI to offensive security, augmenting the work of bug hunters and security researchers.

Maltiverse

Maltiverse

Maltiverse is a threat intelligence platform that provides security teams with high-fidelity threat data and malicious IOCs to enhance detection and response.