Over half of senior executives say their security policies have not kept pace with changes in the workplace

Jun 18, 2021 | Regulation

Businesses are leaving themselves exposed to cyberattacks thanks to ineffective cyber security training programmes and a widespread reluctance among employees to engage with cyber security teams, according to a report released by Fujitsu, which examines the challenges organisations face when trying to build a strong cyber security culture.

The report – Building a Cyber Smart Culture – found that the (54%) of senior executives say their security policies are struggling to keep pace with the changing threat landscape thanks to remote and hybrid working; leaving the organisations exposed to cyber criminals and data breaches.

The Building a Cyber Smart Culture report found that:
• Almost half (45%) of senior executives say that most people in their organisation believe that cyber security has nothing to do with them
• Three in five (60%) said all employees in their company receive the same cyber security training, despite a significant difference in roles and security issues that they face
• Training is most effective when it involves games, rewards, or quizzes, according to seven in 10 (69%) employees
o Three quarters (74%) of non-technical employees didn’t find training engaging enough, almost a third (32%) claim their company’s training courses were too long and 35% said they found training boring or too technical

In 2020, the UK National Cyber Security Centre2 reported a 15-fold rise in the removal of online scam campaigns compared with 2019. Yet despite this increasing risk, the research findings showed that almost two-thirds (61%) of employees believe their current cyber security training is ineffective.

When looking at how employees view their organisation’s cyber security training, the report found that nearly three quarters (74%) of non-technical employees didn’t find training engaging enough. Almost a third (32%) also claimed their company’s training courses were too long, while 35% said they found training boring or too technical (also 35%).

Other significant findings of the research also paint a picture of a workforce that is unengaged and lacking the necessary skills they need to protect themselves and their organisation against a cyber-attack:
• Almost half (45%) of senior executives say that most people in their organisation believe that cyber security has nothing to do with them
• Three in five (60%) said all employees in their company receive the same cyber security training, despite a significant difference in roles and security issues that they face

In answer to these challenges, the research also identified ways for organisations to help build a stronger cyber security culture. Over two-thirds (68%) said that gamification of training and awareness was a key approach, with training being most effective when it involves games, rewards, or quizzes to improve security awareness or behaviour. The report also suggests that creating on-going dialogue between security teams and the rest of the business would go some way to addressing the challenge that nearly 48% of non-technical employees are afraid to flag potential cyber threats.

Mike Smit, Head of Enterprise & Cyber Security at Fujitsu UK & Ireland, says that employees are a critical piece of the cyber security puzzle for organisations, but their current lack of engagement between cyber security teams and the rest of the business leaves businesses open to significant risks.

“Thanks to the pandemic forcing organisations to move to remote or hybrid working, a number of weak points have been exposed when it comes to cyber security and employees are one target that has come under increasing fire from cybercriminals. Business leaders must understand that having a robust and effective cyber security approach relies on more than just IT and technical defenses, it also requires a ‘human firewall’ of trained, vigilant employees.

“In our new hybrid-working world, it is critical that organisations invest in a strategy where all employees receive tailored training that addresses the threats they encounter in their specific roles. This means Cyber Security teams have to get closer to the business areas to understand their specific challenges. Putting the right training in place to ensure your employees are aware of the risks will make a significant difference to an organisations’ overall security posture. And, ultimately, it will build a sense of collective responsibility where every employee is engaged in the security process.”

https://blog.uk.fujitsu.com/