Only 31% Of Employees Get Annual Cyber Security Training

Uploaded on 2019-10-02 in JOBS-Training, FREE TO VIEW, TECHNOLOGY--Resilience

A new Report reveals that employee education is key for small businesses to prevent cyber-attacks yet many employees are not being cyber-trained. 

Even with headline after headline about the latest data breach, people are not encouraged to defend against their cyber exposure. 

The Chubb 3rd Annual Report 
The goal of insirance firm Chubb’s 2019 Cyber Risk Survey is to determine the level of understanding individuals have about their cyber risks. While at the same time looking at the steps they are taking to protect themselves. For small businesses with limited resources, complacency can have detrimental consequences. This is because the chance of a small company crashing out of business after a cyber-attack is highly likely. And the best way to defend themselves is by making everyone in the company more aware.

Fran O’Brien, Division President of Chubb North America Personal Risk Services, said  “When it comes to your cyber-security, there’s no such thing as being over-prepared.” He also says, “While it’s important that the vast majority of respondents remain concerned about a breach, concern itself isn’t enough. Individuals often say their lack of cybersecurity action is because it seems too time-consuming in the moment. But implementing cyber safeguards today will save time and financial resources tomorrow, should a breach occur.”

If you are a valued target, sooner or later a breach is very likely to take place. and just because you are a small business, it doesn’t mean you are immune to attacks. Because 43% of cyber-attacks target small businesses.

2019 Cyber-Security Risk Statistics
In the study, 70% of the respondents say their company has “excellent” or “good” cyber-security practices. But only 31% of them receive annual company-wide training or updates from their employer.

Considering employee education lies at the core of the cybersecurity problem, more needs to be done. And the lessons they receive have to be from a reliable source. Because the survey says more than a third are learning about protection against cyber-security risks from mainstream media (35%) and family and friends (34%).

Only 19% report they learn about cyber-security protection through their employer. This means the vast majority of the workforce doesn’t have the necessary skills to protect their business. And this results in employees and individuals not being able to identify an attack when it is taking place.

Identifying Attacks
The one common form of attack the respondents defined correctly is ransomware at 54%. But it goes downhill from there as most of them couldn’t identify credential stuffing (59%), Emotet (72%), and Ryuk (74%).
These forms of attack are barely scratching the surface, and unless your company specialises in cybersecurity it is impossible for your staff to know everything. The key is to teach your employees so they can have a general understanding of these common attacks.

Cyber Security Training
Coupled with strict governance and mandatory annual training, you can bring your employees up to speed. And according to Chubb, the training, which can be taken online and limited to an hour, is enough to help employees identify breach warning signs. By identifying these signs, your employees can stop full-blown attacks so you can intervene.
Small businesses can implement policies to ensure everyone in the company becomes part of the first line of defense against a cyberattack. But even with the best efforts, it may not be possible to stop an attack. And this is why cyber insurance should be a serious consideration to fully protect your business.

According to Chubb, with the right cyber insurance, you can get an inclusive mix of defensive and protective measures. This includes capabilities which provide fast response in a worst-case scenario. In addition to a financial loss mitigation tool, it should also help individuals understand how to prepare ahead of a potential cyber-attack.

For effective employee cyber training which is engaging, endorsed by leading experts and will improve cyber behaviour across your entire organisation please contact Cyber Security Intelligence

SmallBizTrends:         Chubb:       Image: Nick Youngson

You Might Also Read:

Why Cyber Training Is So Important For Business:

Effective Cybersecurity Requires Both Cyber Training & Insurance Cover:

 

 

« Cyber Insurance Is Unsustainable On Its Current Path
Easy Cyber Knowldege Ch.4 The Internet of Things (IoT) »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NCX Group

NCX Group

NCX Group is committed to helping customers identify and mitigate the risks inherent in today’s interconnected environments and business processes.

Infoblox

Infoblox

Infoblox solutions help businesses automate complex network control functions to reduce costs, increase security and maximize uptime.

Magal Security Systems (Magal S3)

Magal Security Systems (Magal S3)

Magal Security Systems is a leading international provider of integrated solutions and products for physical and cyber security, safety and site management.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

Clavis Information Security

Clavis Information Security

Clavis is an Information Security company offering a complete portfolio of solutions from Pentesting and Security Assessments to Managed Security Services and Training.

Approachable Certification

Approachable Certification

Approachable Certification is a UKAS accredited certification body offering down-to-earth and competitively priced audits against ISO Management Systems standards.

Dellfer

Dellfer

Dellfer secures connected cars and other IOT devices through Intrinsic protection, enabling the most sophisticated cybersecurity attacks to be seen instantly and remediated with precision.

InnoValor

InnoValor

InnoValor realises value from digital innovation for organisations and government. We provide advisory services and develop innovative software solutions, based on our background in research.

NetSecurity

NetSecurity

NetSecurity is a Brazilian company specializing in Information Security. We provide Managed Security Services (MSS), network security solutions and other specialist services.

BlackRidge Technology

BlackRidge Technology

BlackRidge Technology develops, markets and supports a family of products that provide a next generation cyber security solution for protecting enterprise networks and cloud services.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

Ampere Industrial Security

Ampere Industrial Security

Ampere is an industrial security firm. We specialize in industrial control systems (ICS) and operational technology (OT) security.

Etisalat

Etisalat

Etisalat Group is one of the world’s leading telecom groups in emerging markets.

European Cybersecurity Competence Centre (ECCC)

European Cybersecurity Competence Centre (ECCC)

The ECCC aims to increase Europe’s cybersecurity capacities and competitiveness, working together with a Network of National Coordination Centres to build a strong cybersecurity Community.

C2 Risk

C2 Risk

C2 Risk are focussed on risk analytics for information assurance, privacy and ESG (Environmental, Social, and Governance).

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.