Companies are failing to bolster their employees' cyber security knowledge, putting their data and their reputation at risk.
Research released today by Axelos – a joint venture of the UK government and professional services giant Capita – has found that organisations are underestimating what impact their staff's lack of knowledge can have on the safety of their systems, despite three-quarters of large organisations suffering a staff-related security breach last year, with half of the most serious breaches being caused by human error.
Nick Wilding, head of cyber resilience best practice at Axelos, remarked that companies "often underestimate the role that their own employees – from the boardroom to the frontline – can play: staff should be their most effective security control but are typically one of their greatest vulnerabilities".
Company chiefs have been left scratching their heads over what to do, with only a quarter (28 per cent) feeling their efforts have been "very effective" at changing staff behaviour towards cyber security, while only a third (32 per cent) are "very confident" their cyber security training is relevant to staff members.
Wilding added: "Cyber attacks are now business as usual and the resulting financial and reputational damage can be significant. As a result, organisations need to be more certain that they are engaging their people effectively to better equip them to manage the cyber and information security risks they now all face."
Earlier this year, research by BAE Systems recognised "the insider" as one of the "unusual suspects" a company faced in dealing with cyber crime, pointing out that data could just as well be leaked by a well-meaning employee who inadvertently hands out sensitive information as it could be by somebody who was disgruntled or blackmailed.