US Businesses Don't Mandate Cybersecurity Training

US Businesses Don't Mandate Cybersecurity Training

By Greg Tavarez

Cybersecurity, ransomware and data breaches are among the terms most businesses speak about the past few years. It’s a result of a few other key buzzwords that have shaken up the workplace since 2020 – hybrid, remote, virtual, digital transformation, just to name a few. Business leaders, for the most part, do invest in the technologies needed to protect their business against attacks, but there is one element that plays a big role in potential data breaches – employees. Human error happens, and with a continued increase in attempts, the odds are staked against businesses. Someone is likely to make a mistake.

Here’s an important question: Are employees showing enough concern toward cyber threats?

The answer, quite simply, is no, they do not. In fact, a little more than a third of employees express little to no concern about data theft at work, and 20% believe they cannot be targeted at all by cyber criminals, according to a Terranova Security’s survey “From Data Protection to Cyber Culture.”

U.S. employees simply are not aware that they play a factor in cyber defenses because they still believe the IT department is responsible in protecting company data. This mindset comes down to the fact that U.S. businesses fail to provide employees with enough education on common cyber threats and security best practices. Only 41% of surveyed employees say they work in a company where cybersecurity awareness training is mandatory.

"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," said Theo Zafirakos, chief information security officer, Terranova Security. "It's clear that security awareness training fell by the wayside for many American businesses, even though cybercrime is rising, and that's a concern.”

The concern is that 43% of employees do not participate in any cybersecurity training at all, and nearly a third indicated that their company does not offer any relevant training. These are worrying training rates, for sure.

But, here is the kicker. These low training rates aren't due to a lack of interest from employees. More than three-fourths of employees find cybersecurity training interesting. The low training rates come from the fact that businesses do not make cybersecurity training mandatory.

In an age where cybersecurity is a concern for most businesses, one would think cybersecurity training would be and at the top of the onboarding and education list. Employees are the first line of defense against cyberattacks. Education, training and a data security culture are the ways to, as Zafirakos said, set up a strong barrier against cyber threats.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

ICYMI: From the MSP Market

By: Greg Tavarez    4/19/2024

Partnerships and product enhancements are on track to make waves in the MSP market.

Read More

Telesystem Launches #HackersSuck Cybersecurity Bundle

By: Greg Tavarez    4/19/2024

Telesystem shakes up the cybersecurity landscape with the launch of its #HackersSuck product bundles.

Read More

ExtraHop Prioritizes Customer Success with New Partner Program

By: Greg Tavarez    4/18/2024

ExtraHop launched its new partner program to create maximum value and opportunity for partners modernizing security infrastructures.

Read More

Cyware Makes Strategic Hire to Fuel Channel-First Strategy

By: Greg Tavarez    4/17/2024

Cyware recently appointed Stephan Tallent as the new Head of Managed Security Service Providers Program.

Read More

Guardians Upgrade Network with Windstream, Targeting Digital Edge

By: Greg Tavarez    4/16/2024

The Cleveland Guardians selected Windstream's services to bolster their IT performance, so it can use today's data-intensive sports applications witho…

Read More