Seventy-seven per cent of UK workers admit that they have never received any form of training cyber skills training from their employer.
That’s according to a study from Centrify and comes during the European Union’s CyberSecMonth, which is designed to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organisations; and provide resources to protect themselves online, through education and sharing of good practices.
The survey of 2,000 fulltime UK workers in professional services, conducted by independent survey company Censuswide, also found that over one quarter (27 per cent) of workers use the same password for multiple accounts, including work email and social media, putting both their personal security and that of their company at risk from hackers.
Most worryingly, the survey also found that 69 per cent admit that they do not have the confidence in their own cyber security processes when it comes to protecting their own data.
Additionally, 14 per cent have admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office. The news comes despite the UK government’s drive to improve cyber security for companies, with its Cyber Essentials programme.
A further 14 per cent do not utilise multi-factor authentication cyber security measures for apps or services unless required to do so – despite the fact that many consumer banking apps and social media now offer this service.
Experts have warned that such a lacklustre approach to critical cyber awareness could land employers in hot water.
Donal Blaney, a cyber law expert at Griffin Law, said: “Ignorance of the law is no defence. Company directors and business owners owe it to themselves, their staff, their shareholders, and their customers to know how to protect their businesses and their customers’ data. They will only have themselves to blame if this blows up in their face one day.”
Andy Heather, VP at Centrify, added: “In an age where cyber attacks have emerged as one of the most ruthless and successful forms of crime that can be committed against a business on a large scale, it is astounding to hear that so many UK companies neglect to instil even the most basic cyber security measures in their employees.
“Just one misplaced password could result in the theft of millions of sensitive company documents, personal information and financial fraud, allowing hackers access to critical data. Tackling this issue requires urgent investment in cyber skills training and adopting a zero-trust approach, to further reduce the risk of weak passwords leaving easy entry points and to ensure malicious parties cannot run riot in company systems with stolen log-in credentials.”