US Businesses Don't Mandate Cybersecurity Training

US Businesses Don't Mandate Cybersecurity Training

By Greg Tavarez

Cybersecurity, ransomware and data breaches are among the terms most businesses speak about the past few years. It’s a result of a few other key buzzwords that have shaken up the workplace since 2020 – hybrid, remote, virtual, digital transformation, just to name a few. Business leaders, for the most part, do invest in the technologies needed to protect their business against attacks, but there is one element that plays a big role in potential data breaches – employees. Human error happens, and with a continued increase in attempts, the odds are staked against businesses. Someone is likely to make a mistake.

Here’s an important question: Are employees showing enough concern toward cyber threats?

The answer, quite simply, is no, they do not. In fact, a little more than a third of employees express little to no concern about data theft at work, and 20% believe they cannot be targeted at all by cyber criminals, according to a Terranova Security’s survey “From Data Protection to Cyber Culture.”

U.S. employees simply are not aware that they play a factor in cyber defenses because they still believe the IT department is responsible in protecting company data. This mindset comes down to the fact that U.S. businesses fail to provide employees with enough education on common cyber threats and security best practices. Only 41% of surveyed employees say they work in a company where cybersecurity awareness training is mandatory.

"The research shows that there's some work to do on educating people about the important role they play in protecting data at work, but the responsibility doesn't just fall on them," said Theo Zafirakos, chief information security officer, Terranova Security. "It's clear that security awareness training fell by the wayside for many American businesses, even though cybercrime is rising, and that's a concern.”

The concern is that 43% of employees do not participate in any cybersecurity training at all, and nearly a third indicated that their company does not offer any relevant training. These are worrying training rates, for sure.

But, here is the kicker. These low training rates aren't due to a lack of interest from employees. More than three-fourths of employees find cybersecurity training interesting. The low training rates come from the fact that businesses do not make cybersecurity training mandatory.

In an age where cybersecurity is a concern for most businesses, one would think cybersecurity training would be and at the top of the onboarding and education list. Employees are the first line of defense against cyberattacks. Education, training and a data security culture are the ways to, as Zafirakos said, set up a strong barrier against cyber threats.

Edited by Erik Linask
Get stories like this delivered straight to your inbox. [Free eNews Subscription]

MSPToday Editor

Related Articles

PrinterLogic Solidifies Commitment to Customer Data Security with ISO Certification

By: Greg Tavarez    3/29/2023

PrinterLogic's SaaS platform received International Organization for Standardization 27001:2013 certification to mark its commitment to constantly imp…

Read More

FinOps-as-a-Service will be a Massive Threat or Opportunity for MSPs

By: Matthew Vulpis    3/29/2023

The rapid rise of FinOps should be seen as a bountiful opportunity for MSPs, as the core concepts make FinOps the ideal program for MSPs to drive.

Read More

Mutare Brings Together Cybersecurity Community to Raise Vishing Awareness

By: Greg Tavarez    3/28/2023

Mutare is collaborating with government agencies, business coalitions and private industry in an educational campaign to raise awareness of the risks …

Read More

Only 15% of Organizations Deemed Mature Enough to Defend Against Cybersecurity Risks

By: Greg Tavarez    3/28/2023

Fifteen percent of organizations globally have the maturity level of readiness needed to be resilient against today's modern cybersecurity risks, acco…

Read More

Opti9 Offerings Strengthen Veeam Customers' Security Stacks

By: Greg Tavarez    3/28/2023

Opti9 introduced its standalone offerings for Veeam, which are managed services for Veeam Software and its AI-based ransomware detection and remediati…

Read More