Cloud access management company Centrify has found 77% of UK workers surveyed revealed they have had no cybersecurity training.
Independent survey company Censuswide questioned 2,000 UK professional services workers for Centrify. They found over three quarters had received no cyber skills training from their employers.
Passwords are still a major cybersecurity weakness for UK businesses
Not just that but 27% of workers use the same password for many of their logins, like their work email and their social media accounts. A worrying cross-over between personal cyber security and that of the business they work for. 14% admit to keeping their passwords written down and stored on or in their desk or office.
This despite cybersecurity initiatives
The Commentator notes that these frightening figures are despite the UK government’s Cyber Essentials programme available to many businesses. Suppliers to the UK government who handle some sensitive and personal information must have the certification. And, according to Wikipedia 6,000 Cyber Essentials certificates have already been awarded. These figures are also despite the implementation of GDPR, which one would hope would raise cybersecurity and even good password awareness somewhat.
The survey also found that a massive 69% of the workers asked said they didn’t have confidence in their personal cyber security processes to protect their own data. And, 14% don’t use multi-factor login authentication measures for their banking and social media accounts even when they are available. Centrify Vice President Andy Heather was duly surprised:
“In an age where cyber attacks have emerged as one of the most ruthless and successful forms of crime that can be committed against a business on a large scale, it is astounding to hear that so many UK companies neglect to instil even the most basic cyber security measures in their employees.”
With so many attacks focusing on password vulnerabilities businesses are at a huge risk if a cyber criminal manages to get hold of an employee’s password. Weak passwords leave “easy entry points” so it’s vital “to ensure malicious parties cannot run riot in company systems with stolen log-in credentials.”
“Just one misplaced password could result in the theft of millions of sensitive company documents, personal information and financial fraud, allowing hackers access to critical data.”
Other research by the Pew Research Center found 86% surveyed do memorise their passwords but 49% write them down on paper. This noting of passwords is perhaps less surprising, but still incredibly shocking, when you consider a LastPass study found the average person has to keep track of 191 passwords. Verizon illustrates that passwords could be the weakest cybersecurity link by finding that 81% of data breaches occur due to stolen or weak passwords.
To meet this problem head on Centrify’s Heather recommends “urgent investment in cyber skills training and adopting a zero-trust approach.”
Cybersecurity awareness training is needed
These latest figures from Centrify’s survey are worrying. They are not alone. Cybersecurity Ventures predicts cyber security clean-ups will cost £4.7 trillion by 2021. Even to a small company, a cyber breach recovery could cost £25,700.
Companies have to calculate their return on investment (ROI) for cybersecurity awareness training. We attempted the math here at The Defence Works. Cybersecurity training ROI is not necessarily easily quantifiable. The facts are that a cyber attack could hit any business at any time, but your business may well dodge the proverbial bullet. If you do fall victim to a cybercriminal or network, it will cost you dearly.
– Check out our hilarious security awareness training series:
Cyber security awareness training can start simply and be planned and conducted internally. It all helps.
Or, consider talking to us here at The Defence Works about security awareness training. We cover complete professional security and personal cyber security protection with effective bite-sized modules suitable for any sized business. Try our free demo to learn more.