A quarter (25%) of company directors are prevented from delivering cybersecurity training to staff by budgetary constraints, according to iomart’s Cybersecurity Insights Report.
The survey of UK-based workers across C-level, director, manager and employee level, found that 28% of businesses offer no cybersecurity training whatsoever. Additionally, 42% said that whilst some training was offered by their firm, it was only available to select staff, while over two-thirds (70%) of respondents revealed their company doesn’t provide training to all employees.
Of those that confirmed they did receive training, 82% admitted this only consisted of a short briefing rather than a comprehensive course, with just 17% receiving regular sessions related to cybersecurity.
iomart therefore calculated that less than one in 10 (8%) of those who took part in the survey received regular cybersecurity training.
The study also found that a quarter (25%) of businesses do not have a disaster recovery policy, while a further 31% said there was one but they had never tested it.
These findings are especially concerning given that 20% of respondents reported they had seen an increase in cyber-attacks as a result of remote working, which has expanded enormously since the start of the COVID-19 pandemic.
Although company directors cited budget as the main factor in not delivering cybersecurity training, other factors highlighted by all respondents were a lack of technical expertise within the business (8%) and the issue not being a main priority (5%).
Bill Strain, security director of iomart, commented: “It’s clear that many organizations still don’t consider cybersecurity and data protection to be a top priority.
“They need to understand what the potential threats are and build resilience into their business strategy so they can react quickly and maintain operations if their IT systems are compromised.
“Many businesses would not survive the operational – let alone financial – impact of a data breach. By understanding the potential risk and introducing positive behavior around cyber-awareness, they have a much better chance of surviving an incident.”
In a survey at the end of last year, a third of remote working employees said they had not received security training in the last six months.