The findings illustrate responses from organisations and their employees on cyber security practices across the US and the UK. The report has revealed that two-thirds (63 %) of UK businesses believe that their organisation is highly protected from attempts by outsiders to gain access to their systems and data. A similar proportion of organisations (66 %) maintain that they have the right processes in place to adequately react to privacy and security threats.
Nevertheless, UK employees ranked “insufficient understanding” (61 %) as the biggest barrier to their organisation effectively managing its cyber risk. Nearly half (46 %) spent 30 minutes or less on cybersecurity training in 2016, and over a quarter (27 %) received none at all.
Moreover, the employees that did complete cyber training, nearly two-thirds (62 %) admitted they “only completed the training because it was required”, and nearly half (44 %) believe that “opening any email on their work computer is safe”, suggesting that the employees may not be engaged or feel the personal accountability necessary to drive long-term, sustainable behaviours.
Some additional findings include over one third of employees surveyed have logged into their work-designated computer or mobile device over an unsecured public network (such as public Wi-Fi) and only 40 % of the employers surveyed felt that they had made progress addressing cybersecurity factors tied to human error and behaviours in the last three years.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now