Security Awareness pros KnowBe4 have published findings on cybersecurity training among UK employees and the adoption of ‘best practice’ policies by organisations. The report, entitled ‘UK Cybersecurity Practices at Work’, highlights the various cybersecurity threats faced by modern organisations and expresses concern over the insufficient training received by employees across the UK. According to the study, over half (51%) of UK workers have not been trained to avoid phishing scams, and a staggering 18% have never received any form of cybersecurity training.
The report also found that cybersecurity training did not reflect the changing threat landscape and more sophisticated threats facing organisations and their end users. Worryingly, 60% of UK employees have received no training on remote work ‘best practices’ despite a mass migration to remote/hybrid working during and post pandemic. Other areas where employees have not received training include:
- What to do if your credentials have been breached (66%)
- Social engineering (82%)
- Deepfakes and AI (83%)
- Bring your own device (84%)
The study also reveals how many organisations have implemented ‘best practice’ policies in the workplace and how many are planning on introducing them in the future, if at all. Only 42% of UK workers have read and signed their workplace’s cybersecurity policy and a further one-third of respondents admitted that they or a colleague have bypassed a ‘best practice’ policy in order to get the job done more quickly.
Javvad Malik, lead security awareness advocate at KnowBe4, notes: “Making the UK a safer place to do business is a shared responsibility and if organisations are equipping employees with computers to do their jobs, they also should be empowering them with the tools and knowledge to use them securely. The technology landscape is changing all the time, therefore, not including training on new areas such as deepfakes and AI, could be putting UK organisations at further risk of cybercrime.”
The full report can be found here
