While 63% of UK businesses believe that they are highly protected from attempts by outsiders to gain access to their systems and data, employees’ insufficient understanding is proving to be an obstacle to effective cyber risk management.
A Willis Towers Watson survey found that the disparity between corporate feelings of preparedness and the increasing number of cybersecurity incidents could be a result of a lack of responsibility or accountability among employees.
Meanwhile, 66% of firms maintain that they have the right processes in place to adequately react to privacy and security threats. However, employees ranked ‘insufficient understanding’ (61%) as the biggest barrier to their organisation effectively managing its cyber risk. Nearly half (46%) spent 30 minutes or less on cybersecurity training in 2016, while 27% received none at all.
Of the employees that completed cyber training, 62% admitted they “only completed the training because it was required,” and 44% believe that “opening any email on their work computer is safe,” suggesting that the employees may not be engaged or feel the personal accountability necessary to drive long-term, sustainable behaviours.
In addition, over 30% of employees surveyed have logged into their work-designated computer or mobile device over an unsecured public network. The Willis Towers Watson survey also showed that only 40% of the employers surveyed felt that they have made progress addressing cybersecurity factors tied to human error and behaviours in the last three years.
“Hackers are exploiting the fact that while corporations are building walls of technology around their organisations and their networks, by far the biggest threat to corporate digital security and privacy continues to come from the employees within, often completely by accident,” said Anthony Dagostino, head of global cyber risk at Willis Towers Watson.
Related stories:
Almost a third of UK firms lack cybersecurity insurance - report
New ransomware attacks may hit today, experts say
.jpg)
