According to a study commissioned by Axelos, a UK government joint venture, UK organisations are putting their reputation, customer trust and competitive advantage at greater risk by failing to provide staff with effective cyber security awareness and capability to defend against cyber-attacks.

The research report said this finding is a cause for concern, especially since 75% of large organisations and nearly a third of small organisations suffered staff-related security breaches in 2015, with 50% of the worst breaches caused by human error, according to the UK government’s 2015 information security breaches survey.

The study shows only a minority of executives responsible for information security training in organisations with more than 500 employees believe their cyber security training is “very effective”. Four in 10 say their training is “very effective” at providing general awareness of information security risks, while just over a quarter say their efforts are “very effective” at changing behaviour in relation to information security.

For ensuring compliance with regulatory requirements, 37% rate their training as very effective, but only 33% rate it very effective in reducing exposure to the risk of information security breaches. Only 32% are “very confident” that the training is relevant to staff, despite almost all respondents (99%) citing security awareness as important to minimise the risk of security breaches.

When asked how many staff had completed their information security awareness programme, respondents in a quarter of organisations said that no more than 50% of staff had done so.

Although 32% of organisations are “very confident” about the relevance of the training they provide, nearly two-thirds (62%) are only “fairly confident”.