UK employees insufficiently understand cyber threats

A majority of UK businesses believe they are adequately protected against cyber crime, despite employees indicating they insufficiently understand the threats, research by Willis Towers Watson has found.

The survey revealed that 63% of UK corporates believe their organisation is highly protected from cyber attacks, while 66% maintain that they have the right processes in place to adequately react to privacy and security threats.

Willis Towers Watson’s Cyber Pulse Survey also found that the disparity between corporate feelings of preparedness and the increasing number of cybersecurity incidents could be a result of lack of responsibility or accountability among employees. UK employees ranked ‘insufficient understanding’ (61%) as the biggest barrier to their organisation effectively managing its cyber risk. Nearly half (46%) spent 30 minutes or less on cybersecurity training in 2016, and over a quarter (27%) received none at all.

Of the employees that did complete cyber training, 62% admitted they “only completed the training because it was required”, and 44% believe that ‘opening any email on their work computer is safe’, suggesting that the employees may not be engaged or feel the personal accountability necessary to driving long-term, sustainable behaviours, the brokerage firm said.

Anthony Dagostino, head of global cyber risk at Willis Towers Watson, explained: “As the world has seen with the proliferation of phishing scams, most recently highlighted by the global WannaCry ransomware attack, the opening of just one suspicious email containing a harmful link or attachment can lead to a company-wide event. However there appears to be a disconnect between executive priorities around data protection and the need to invest in a cyber-savvy workforce through training, incentives and talent management strategies.”

He added: “Hackers are exploiting the fact that while corporations are building walls of technology around their organisations and their networks, by far the biggest threat to corporate digital security and privacy continues to come from the employees within, often completely by accident.

“A truly holistic cyber risk management strategy requires at its core a cyber-savvy workforce, however organisations first have to know where the vulnerabilities are in order to plug the gaps. Many organisations are facing talent deficiencies and skills shortages in their IT departments, which in turn are creating significant loopholes in their overall security measures.”