Businesses are confident that they have sufficient cybersecurity systems in place to protect them, but in reality the weak link may be their employees, who lack basic skills and knowledge.
Employees on both sides of the Atlantic lack a basic understanding in cybersecurity, in stark contrast with businesses’ high confidence in their cybersecurity capabilities.
That is the main finding of a new survey conducted by Willis Towers Watson, which found that 63% of UK businesses believe their systems to be highly protected with the necessary processes in place for dealing with potential breaches.
However, the survey uncovered a lack of basic knowledge among the employees themselves, nearly half of whom said it was “safe to open any email on their work computer”.
A lack of engagement with cybersecurity training could be the root cause of the problem, with 62% of respondents stating that they only completed relevant training “because it was required”.
Nearly half (46%) of surveyed employees spent less than 30 minutes on training, while over a quarter (27%) received none at all.
The potential consequences of these knowledge gaps are alarming, with UK employees themselves ranking “insufficient understanding” of cybersecurity as one of the biggest barriers to effectively managing risks to data security.
The findings are likely to increase concerns surrounding preparations ahead of the upcoming GDPR regulations, which are due to come into force next May.
Despite a vast majority of US businesses claiming that GDPR compliance is at the top of their priorities, an IDC report released last month suggests that just one in five companies in Europe is prepared for the new rules.
Addressing such a gap in knowledge will be crucial, with Anthony Dagostino, head of Global Cyber Risk at Willis Towers Watson, warning: “A truly holistic cyber risk management strategy requires at its core a cyber-savvy workforce, however organisations first have to know where the vulnerabilities are in order to plug the gaps.
“Many organizations are facing talent deficiencies and skills shortages in their IT departments, which in turn are creating significant loopholes in their overall security measures.”
For more on improving employee cybersecurity knowledge and understanding, check out ESET’s free Cybersecurity Awareness Training.