Survey reveals the UK business sectors most lacking in cyber security training
(Last updated on June 9, 2020)
Even before the coronavirus outbreak, cyber security was one of the most challenging issues for business owners, large and small, to grapple with. As cyber threats continue to rise, it’s no wonder that recent statistics indicate that data breaches have cost UK enterprises an average of 3.88 million USD per breach (IBM).
And since most of the global workforce is now working from home, cyber security and a level of knowledge among employers and employees are all the more vital.
Considering this, Specops Software surveyed 1,342 businesses from 11 sectors in the UK to understand how many have not sufficiently trained employees against cyber threats.
Research from Specops Software found that, perhaps unsurprisingly, employees working in Travel and Hospitality have not been provided enough cyber security training, with a staggering 84 percent of employees not being trained to deal with cyber-attacks.
Interestingly, EasyJet only recently reported that it was targeted in a serious cyber-attack in which email addresses as well as travel information for approximately 9 million customers were breached and accessed.
Specops has also found that cyber-attacks have been increasing year-on-year in the Education and Training sector. Our research found that around 69 percent of employees within this sector have not been adequately equipped with training to identify cyber threats, putting the safety of staff and students at risk.
Shockingly, almost a third of employees (30 percent) working in the Computer and IT sector have had a lack of cyber security training. Other key industries include Marketing, Advertising and PR at 47 percent, Medical and Health at 42 percent, and Charity and Voluntary Work at 29 percent.
Across all 11 sectors analysed, Specops found that 41 percent of employees have not been provided adequate cyber security training.
However, since many businesses are now operating from home, Specops Software also investigated if the level of cyber security training had changed since the outbreak.
Our survey highlights that a staggering 42 percent say they have not been provided any additional training since working from home. This is incredibly important, as a remote workforce has now made companies far more vulnerable to password attacks.
37 percent of respondents said they had been provided a little more training since working from home and new policies had been implemented, whilst 21 percent say they have been trained a lot more. Of all the businesses that have implemented cyber security training sessions since lockdown began, on average just 29 percent had initiated additional sessions to inform employees about cyber security.
But if there’s one thing businesses have learned since the outbreak of Covid-19, it’s that it is important to invest in cyber security and allocate budgets to effectively equip and safeguard businesses from cyber criminals.
Specops Software’s cyber security expert, Darren James, has provided some expertise about training employees:
Why is it important for all employees to be trained?
The fact of the matter is that you can put as many security systems and procedures in place as you wish, but usually the weakest link is always the human being involved. Providing cyber security training is essential. Subjects such as password hygiene, email scam/phishing/malware awareness, social media usage etc. are important and the more attention we can bring to it via training at work, the less likely people in general will fall victim to these crimes.
Should companies integrate training on a regular basis and how often?
Generally, it’s a good idea to provide basic training to everyone, and to all new employees, so everyone is at least on the same page. Then, it is a good idea to promote awareness through the use of a good password policy, and maybe, when IT experiences interactions with users (e.g. service desk/desktop support etc.), provide further reminders where appropriate. Some “high risk” users such as IT admins, HR and finance teams should have regular awareness training.
What can companies do to ensure training is kept up to date, especially now everyone is working from home?
Working from home represents another challenge when providing training. You can send emails out or put something on an extranet/intranet page, but, let’s be honest, not many people are going to willingly go and look. Try arranging a “working from home cyber security awareness” call if possible – whether it is per team, or with team managers who can then pass on key information.