Cyber security training is outdated or not fit for purpose at many UK companies, finds new study

Hayley Kirton

Cyber security training at many UK companies has failed to move with the times, research out today has found.

The study by AXELOS found that fewer than a third of firms were incorporating modern techniques, such as gamification and animation, into their cyber security training.

In addition, fewer than half (46 per cent) of executives in charge of cyber security training at organisations with more than 500 employees were providing learning opportunities beyond staff induction sessions and an annual refresher course.

"Organisations are still trusting in their annual, cyber awareness e-learning," said Nick Wilding, head of cyber resilience best practice at AXELOS. "To expect this approach to influence resilient behaviours is unrealistic. Typically, this one-off course – required once, designed once, delivered once and completed once – is also forgotten at once."


AXELOS also discovered that, although almost all (99 per cent) of the senior managers it surveyed said they believed that information security training was key to preventing cyber security breaches, fewer than half (47 per cent) were tailoring their training to suit the jobs that people did.

Wilding said: "One size simply doesn't fit all in this critical area of staff development and neither does it support an organisation’s investment in protecting its corporate reputation and competitive advantage."
