Staff training can help businesses reduce the risk of cyber attacks. At the same time, new figures from research commissioned by Accenture have revealed that the average cost of cyber crime to companies in the UK has risen by more than 19% over the last year to reach £6.4 million.
The research has been released in the wake of a series of high-profile cyber attacks that have hit businesses and public services. A government report published earlier this year found that just under half of UK businesses were affected by a cyber attack in 2016, and that the most common type of attack was fraudulent emails, responsible for 72% of attacks.
A survey of 2,000 people found that over half of UK workers (55%) cannot recall ever receiving training on cyber threats from their employer, leaving many unsure how to prevent, identify or respond to an attack. The study suggests basic training could have a huge impact on security, making this a missed opportunity for UK businesses.
70% of those who had received training said it improved their ability to recognise and respond to cyber threats, and one in four (23%) thought training was the most effective protection against phishing and scams, more so than the police and authorities doing more to hunt hackers (4%).
There is evidence the workforce is becoming savvier on cyber issues, but clear areas of exposure remain. One of the most serious risks is from sophisticated phishing campaigns, identified as one of the biggest threats of 2017 in Accenture’s Cyber Threatscape Report, released earlier this year. This latest research showed one in five workers (19%) are not sure they could identify a phishing email and this rises to a third on social media (32%).
Rick Hemsley, managing director, Accenture Security, comments: “Large businesses in the UK can expect to face more than 80 cyber attacks each year, with one in three breaching security. It’s therefore no surprise that companies are investing more than ever in security solutions. However, this research shows that no matter how much they spend, businesses that fail to educate staff about cybersecurity put themselves at greater risk of being hacked.”
“Effective investment will not only enable practical solutions like stronger spam filters, cloud-based e-mail analytics, virus scanners and firewalls. It will ensure employees have the tools they need to recognise threats, including phishing scams, through prevention training and awareness programs. Ultimately, an organisation’s security is only as strong as its weakest link, which in many cases could be its own workforce.”