There is a “dangerous” lack of cybersecurity awareness among UK workers, leaving businesses at risk of attacks, according to a new study by Armis. This is despite 60% of workers admitting they have fallen victim to a cyber-attack.
The nationwide survey of 2000 UK employees found that only around a quarter (27%) are aware of the associated cyber risks, while one in 10 (11%) don’t worry about them at all.
Even more worryingly, just one in five people said they paid for online security, putting businesses at high risk of attacks amid the shift to remote working during COVID-19.
The most prevalent types of attacks experienced by workers or their organizations were phishing (27%), data breaches (23%) and malware (20%).
The study also revealed growing concerns about the scale of the cyber-threats facing the UK. A large-scale cyber-attack was ranked as the fourth biggest future concern (21%) among the respondents, equal to the UK going to war. Two-fifths (40%) said they would like to see a minister for cybersecurity installed to ensure the issue is focused on more at a government level.
Russian-backed cyber-criminals were considered the biggest threat to the UK’s cybersecurity (20%) by the respondents, followed by financially motivated cyber-criminals (17%) and Chinese-backed cyber-criminals (16%).
Conor Coughlan, CAO and general manager for EMEA at Armis, outlined: “It’s clear that cybersecurity awareness and training must be made a priority within the UK government.
“This is an issue that must be addressed from the top down. Moving forward, more emphasis should be placed on security awareness training as well as technology controls that give organizations a full picture of risk exposure. Organizations need to understand the importance of investing in the right security to protect themselves and their customers and to avoid experiencing any downtime.”
Reacting to the findings, Javvad Malik, lead security awareness advocate at KnowBe4, said the study demonstrated the need for organizations to create a strong cybersecurity culture among their workforces. “The results of this survey demonstrate why it’s important for organizations to not just push out security awareness messages, but why it’s vital they foster a culture of security throughout so that everyone is aware of the importance their role plays in securing the organization.
“While technical controls and security teams have a large part to play in securing an organization, the impact of an individual’s actions and the role they have to play in securing the organization needs to be emphasized repeatedly.
“Just as engineers build safe roads and bridges, and car manufacturers build safe vehicles, we still need road signs, markings and good driving to create a safe road network for everyone. We need people to play their part in keeping their organizations safe.”
Jamie Akhtar, CEO and co-founder of CyberSmart, concurred, stating: “Unfortunately, while Armis’ findings are deeply worrying, they aren’t surprising. We’ve long had a dangerous lack of cybersecurity awareness in the UK. However, this isn’t the fault of individual employees or even small businesses themselves. For too long, practicing good cyber hygiene has been viewed as a specialist skill that the average employee or small business owner couldn’t possibly do themselves. But the only way to improve cybersecurity across society is to empower everyone to take responsibility for their own safety. And we need to give small businesses and their employees the knowledge, skills and tools to do it. This will require a combination of standards, state intervention, education and easily accessible tools.”