A new study by Axelos has revealed that UK companies are failing to reinforce their employees’ cyber security knowledge, putting their reputation and data at risk.

Axelos is a joint venture established in 2014 by the UK Government and business process outsourcing firm Capita.

The research revealed that the majority of companies are underestimating the role the human element plays in corporate cyber risk.

The findings are a cause for concern as 75% of large organisations experienced staff-related security breaches in 2015, with 50% of the worst breaches caused by human error.

According to the study, 99% of IT security training decision makers said cyber awareness learning and training is central to minimizing the risks to information security.

Just over a quarter (28%) feel their efforts have been very effective at changing staff behaviour towards cyber security, while 32% are very confident that their cyber security training is relevant to staff members and 62% are fairly confident.

Axelos head of cyber resilience best practice Nick Wilding said: "Despite organisations continuing to invest heavily in technology to better protect their precious information and systems, the number and scale of attacks continues to rise as they discover there is no ‘silver bullet’ to help them achieve their desired level of cyber security.

"And they often underestimate the role that their own employees – from the boardroom to the frontline – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities."

Wilding said that even though the research paints a bleak picture, people with engaging, regular and adaptive awareness learning can be a more effective security control against cyber-crime.

Axelos’ Resilia best practice portfolio is designed to help organisations enhance their cyber resilience and protect themselves from cyber-attack.

To support its Resilia Awareness learning, Axelos created a new, downloadable guide, which allows companies to understand how cyber aware their organisation is and what areas information security awareness learning should cover.

The company recommended eight steps that companies should follow to improve their cyber resilience.

Last year, analysis from Kable revealed that the UK is one of the EU nations that invests the most in IT security and services.

British firms allocate 20.6% of their IT services budgets to security and privacy services, compared with the EU average, which also includes the UK, of 19.4%. Only German companies spend more, at 21.1%.