How well-prepared is the UK’s workforce for a cyber attack on the companies they work for?
What generally dictates the capability and performance of anyone, working anywhere, is the relevance and effectiveness of the training and learning they’re given and the behaviours they adopt as a result. That’s why the picture of preparedness painted by our latest research into information security awareness learning among UK companies suggests that current approaches are failing.
While it’s positive to note that 99% of business executives responsible for such learning in organizations said that information security awareness learning is “important to minimise the risk of security breaches”, less than a third of them (28%) judged their organization’s cyber security awareness learning as “very effective” at changing staff behaviour. A similar minority (32%) are “very confident” that the learning is relevant to staff, highlighting that over two-thirds are less than very confident in the learning they provide.
This comparatively low level of corporate confidence in the ability of people to deal with a potential cyber attack is simply not good enough in an era where cyber-crime has become ‘business as usual’. It reflects either a lack of understanding of – or a state of denial about – the impact that a successful cyber attack can have on a business: reputational damage, loss of competitive advantage and disrupted operations. Organizations cannot continue accepting this level of employee awareness and competence in the face of sophisticated cyber criminals with ever-evolving methods to target their most sensitive and precious information and systems.
And while the level and quality of cyber awareness learning is clearly alarming, so is the misplaced confidence in technology to prevent cyber breaches. Wherever there are people in an organization – from the executive suite to the shop floor – there are vulnerabilities.
Yes, our research paints a bleak picture, but there is a flipside to this: people – with engaging, regular and adaptive awareness learning – can be a more effective security control against cyber-crime.
To support our RESILIA™ Awareness learning we’ve created a new, downloadable guide to help directors and managers responsible for information security awareness learning and associated staff training evaluate the effectiveness of their current approaches and highlight potential improvements that can be made to their people’s cyber resilient behaviours.
The guide enables you to understand how cyber aware your organisation is and what areas your information security awareness learning should cover, and recommends 8 essential steps you can take now to improve your cyber resilience.
Cyber attackers have the upper hand – they only need to be successful once. Your people – all of them – have to be aware and capable of making the right decisions, every time they’re exposed to different cyber risks.
Preparing them effectively for when, not if, that day comes requires a new approach to learning – one that truly engages them and which uses the latest learning techniques to drive new cyber resilient behaviours.
Download our cyber resilience guide, Are your people playing an effective role in your cyber resilience? (PDF, 165KB) (updated January 2017).
See our RESILIA™ section for more information about cyber resilience.
Read more AXELOS Blog Posts from Nick Wilding