- Employee error seen as bigger risk than industry attacks and lack of security cover.
- Major security weaknesses such as password hygiene and downloading files not covered in a significant percentage of training provided.
- No increase or change in training despite mass move to hybrid model.
The pan-European survey from Sharp Europe, a major provider of business technology products and services to SMEs across Europe, reveals a worrying disconnect between levels of IT security concern and the specific training businesses have in place to address the most common cyber risks.
The research, which surveyed 5,770 professionals responsible for purchasing IT in their SME, reveals that employees not following, or not even having, any cyber training is seen as the biggest risk overall to the effectiveness of their businesses’ IT security, more so than large-scale industry attacks or concerns around not having the right protection in place. In fact, a third (24%) are now more concerned than previously about technology security risks because of the lack of training for employees.
Despite the importance of training and the concerns around human error, the research reveals that areas that would help address threats that have impacted UK SMEs, such as virus attacks (25%), phishing (31%), data loss (30%) and password attacks (24%), are simply not covered by a significant proportion of the current training provided to employees. Security training programmes in fewer than half of SMEs cover passwords (46%), downloading files (46%), connecting to a secure network (45%), or even the basics around logging on and off (44%).
Matt Riley, Director of Security at Sharp UK, comments: “IT security is as much a people issue as it is a technology challenge; our team members are ultimately our last line of defence against threats. Businesses and organisations of course need to have all the right technology in place, such as firewalls and anti-virus software, but they also need to create a security culture and robust training that covers all employees, not just the IT team and senior management.
“Failing to have continuously refreshed cyber training in place for dealing with everyday issues like changing passwords, spotting phishing emails and downloading files is a real concern. The recent surge in AI-enabled phishing attacks is rising to new levels of sophistication, meaning more businesses are more vulnerable than ever to attack. To combat this at Sharp UK, we are using new tools to educate and put knowledge into practice. Traditional training methods such as watching videos don’t provide an engaging way for knowledge to be embedded through practical application. New training tools simulate phishing, raising awareness of the threat, and fostering positive conversations within our own teams about cyber security. Ultimately, these training oversights can cost businesses significantly, so it’s important to keep investing and evolving IT security training.”
Even with the general rise in security concerns following a mass move to hybrid working, only 40% of firms across the UK have increased IT security training since moving to a hybrid model and only 41% of UK small businesses cover hybrid working in their training programmes.
Despite this, the research also revealed that only 92% of those responsible for IT in UK SMEs are very confident that they have adequate knowledge of IT. For more insights and advice for SMEs, please visit: sharp.co.uk.