A recent report has found that just 15% of IT decision-makers in small organizations “completely agree” that their employees have a good understanding of cybersecurity, and 20% believe their employees don’t care about cyber security at all.
What’s more worrying is that despite these concerns, just 26% have introduced cybersecurity training for their employees. 15% stated that they “haven’t got around to it yet” while 5% think additional training should be offered but confessed that “they didn’t know where to start”.
Other key findings
- 17% of small UK businesses have suffered at least one cyber attack in the past year.
- 19% have been targeted between 6 and 10 times in the past year.
- 51% of organizations with 50–99 employees suspect that a breach has been kept a secret from them.
- 53% agreed that it seemed logical for cybersecurity awareness training to be near the top of the business agenda.
These findings are very concerning as small businesses are exposing themselves to unnecessary risks. Small businesses typically believe that they are immune to cybersecurity threats when it’s their very lack of interest in cybersecurity that makes them a favorite target for cybercriminals.
According to the report, “The UK’s small business community needs to rid itself of this idea that they are ‘too small’ to be targeted by cyber criminals. While they may not be targeted individually, they are highly likely to fall within a ‘mass targeting’ scheme where hundreds or thousands of small businesses are targeted at the same time.”
Where to start with staff awareness training?
Implementing staff awareness training doesn’t have to be time-consuming and expensive. E-learning courses are a preferred option for training employees because they are cost-effective and can be implemented quickly and with minimal disruption – the training can be taken around existing commitments.
Our Information Security and Cyber Security Staff Awareness E-Learning Course teach staff the basics of data security, information security risks, cybersecurity risks and dealing with threats. It also provides an overview of security weaknesses that criminals exploit and provides employees with the opportunity to apply the knowledge gained, through practical activities and an assessment.