Some think technology solves all. But even today's cars, laden with safety technology, need a human with enough roadcraft to make them deliver all they can.
Firewalls are becoming more sophisticated and AI integration into cybersecurity is more effective than ever before. But does this mean we can relax, put our feet up and forget about training people?
In other words, is cybersecurity awareness important?
A rhetorical question, of course. Data breaches cost UK businesses an average of £2.9m per breach, and we know that over 95% of breaches are due to human error. Even the most advanced systems and latest technologies cannot catch every mistake. CISOs must show their teams why cybersecurity is important and communicate the collective role of all employees in minimising risk.
The UK Department for Digital, Culture, Media & Sport's Cyber Security Skills Report found that only 11% of businesses provided cybersecurity training to non-cyber employees in 2020. That is a worryingly low figure. CISOs and security leaders have to consider whether they are doing enough to increase awareness and provide adequate cybersecurity training for their employees.
The objectives for cybersecurity awareness and education are clear:
Breaches can and do cost millions. There are around 65,000 attempts to hack small-to-medium-sized businesses in the UK every day, and a portion of these are successful. This can lead to closure for the smaller organisations. Therefore, cybersecurity awareness training is a non-negotiable cost that should be factored into employee training budgets. Without the right training, businesses are at risk.
A key aim for CISOs is to make cybersecurity an integral part of their organisation’s culture. Easier said than done, I grant you. But you have to start somewhere. And regular company-wide awareness and training is a big step in the right direction. The value of security has to be built into the fabric of your business. Employees react positively to action-orientated and simulation-based training alongside traditional training methods. A rich and stimulating combination creates more opportunities for information to be internalised and behaviour to be modified.
As technology advances, people need to keep up with it. That takes training. Technology loses operational value if the people using it do not understand or implement it correctly. From monitoring firewalls to acknowledging and acting on security warnings, your company’s employees need to understand and implement best practice in every situation. Especially since many cyber attacks target people as the easiest way into a protected network.
It’s not just about your employees. The perception of customers is vital. A survey by Arcserve found that 70% of consumers believe organisations are not doing enough to ensure robust cybersecurity. Consumers are also actively turning their backs on companies that have experienced a cyber attack. Taking proactive steps to deliver training and keep cybersecurity awareness at the heart of your business is something your customers will appreciate and value.
Information security teams focus constantly on dealing with security threats and managing risk. However, this isn’t the case for other employees. They have their own objectives, tasks and deadlines, just like you. But these rarely coincide with yours. Pragmatic cybersecurity awareness programmes recognise this.
Threats are constant and growing. Therefore, a regularly updated training schedule and cybersecurity refreshers will ensure all employees are up to date with the latest developments. This means they can act appropriately in the event of a cyber attack.
The latest cybersecurity technologies are innovative. For sure, they make your systems more secure and efficient. However, their value decreases significantly if an untrained employee makes mistakes. Putting your people first and investing in their skills, awareness and understanding will help maximise the value of your technology investment.
So, if the rhetorical question needs to be answered:
Yes, cybersecurity awareness is important.
To find out more about how we can help your employees feel confident and build awareness about cybersecurity with practical training programmes, please contact Jenny or your TSC Client Project Manager today.
© The Security Company (International) Limited 2023