US Businesses Don't Mandate Cybersecurity Training


US Businesses Don't Mandate Cybersecurity Training

By Greg Tavarez

Cybersecurity, ransomware and data breaches are among the terms most businesses speak about the past few years. It’s a result of a few other key buzzwords that have shaken up the workplace since 2020 – hybrid, remote, virtual, digital transformation, just to name a few. Business leaders, for the most part, do invest in the technologies needed to protect their business against attacks, but there is one element that plays a big role in potential data breaches – employees. Human error happens, and with a continued increase in attempts, the odds are staked against businesses. Someone is likely to make a mistake.

Here’s an important question: Are employees showing enough concern toward cyber threats?

The answer, quite simply, is no, they do not. In fact, a little more than a third of employees express little to no concern about data theft at work, and 20% believe they cannot be targeted at all by cyber criminals, according to a Terranova Security’s survey “From Data Protection to Cyber Culture.”

U.S. employees simply are not aware that they play a factor in cyber defenses because they still believe the IT department is responsible in protecting company data. This mindset comes down to the fact that U.S. businesses fail to provide employees with enough education on common cyber threats and security best practices. Only 41% of surveyed employees say they work in a company where cybersecurity awareness training is mandatory.

"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," said Theo Zafirakos, chief information security officer, Terranova Security. "It's clear that security awareness training fell by the wayside for many American businesses, even though cybercrime is rising, and that's a concern.”

The concern is that 43% of employees do not participate in any cybersecurity training at all, and nearly a third indicated that their company does not offer any relevant training. These are worrying training rates, for sure.

But, here is the kicker. These low training rates aren't due to a lack of interest from employees. More than three-fourths of employees find cybersecurity training interesting. The low training rates come from the fact that businesses do not make cybersecurity training mandatory.

In an age where cybersecurity is a concern for most businesses, one would think cybersecurity training would be and at the top of the onboarding and education list. Employees are the first line of defense against cyberattacks. Education, training and a data security culture are the ways to, as Zafirakos said, set up a strong barrier against cyber threats.

Edited by Erik Linask

MSPToday Editor

Related Articles

Cyberattack Protection, Detection, and Recovery with SaaS

By: Greg Tavarez    11/23/2022

DataHawk from Cohesity is a data security SaaS solution that helps customers protect, detect and recover from cyberattacks and ransomware attacks.

Read More

Cloud Marketplace Innovator Pax8 Ranks 131 on the Deloitte Technology Fast 500

By: Juhi Fadia    11/23/2022

Pax8 has been named in the Deloitte Technology Fast 500 among the fastest-growing technology, media, telecommunications, life sciences, fintech, and e…

Read More

Arizona Department of Homeland Security Picks Tanium for Cybersecurity

By: Stefania Viscusi    11/22/2022

With a new, state-of-the-art cybersecurity solution from Tanium, AZDOHS is able to better share key information in real time, creating a stronger secu…

Read More

IT Teams Fall Short in Microsoft 365 Security Protections

By: Greg Tavarez    11/21/2022

A surprising number of enterprises have major gaps in the Microsoft security policies and practices, leading to unnecessary risks.

Read More

Phishing Attacks Sprout from Unexpected Places

By: Greg Tavarez    11/21/2022

Users more frequently click on phishing links that arrive through other channels, including personal websites and blogs, social media, and search engi…

Read More