Security Training Should be Legal Requirement, Say Employees

Written by

As many as 93% of employees think their company should be legally bound to offer cybersecurity training, yet over half haven’t received any help in the past year, according to FutureLearn.

The social learning platform polled almost 500 employed users of its platform and found that while the vast majority (85%) use email for work, an increasing number also need to use social media (30%), cloud collaboration and storage platforms (45%) and online portals for managing staff and/or customer data (36%).

Over half (57%) claimed they hadn’t received any cybersecurity training in the past 12 months, leaving the organization more exposed to unauthorized access attempts.

Many respondents claimed their employer does provide guidance and has policies on things like data handling, internet security, encryption and password management, yet only 58% said they were confident about keeping the corporate network secure.

The top five skills respondents want to learn are: how to recover from breaches (59%); identifying malware types (57%); how to check if a firm has had a breach (54%); safe storage and handling of customer data (53%) and website safety.

FutureLearn’s Stephen Somerville argued that with the GDPR set to impose massive fines for firms who fail to adequately protect customer data, the stakes have been raised significantly.

“It’s no surprise that organizations who take the threat of cyber-attacks seriously want to educate employees in order to avoid a data breach and the associated potential fines of €20 million or 4% of global annual turnover", he added.

Cybersecurity training programs are often overlooked by employers in favor of technology investments.

This is especially true among smaller businesses, where budgets are tighter.

A recent poll of 250 UK SMEs by insurer CFC Underwriting found that more than a quarter (27%) still don’t train their employees in cyber-awareness, despite a 78% rise in claims from 2015 to 2016.

That could be set to change, however, with some estimates claiming the training market could be worth as much as $10bn by 2027.

What’s hot on Infosecurity Magazine?