New research shows firms are failing when it comes to training employees on cyber security. Building resilience and monitoring for emerging threats are key.

A lack of cyber security training has led to employees making mistakes that can cause significant harm to a business, new research from QBE has revealed.

The insurer’s study revealed that 31% of employees had made errors that could impact the cyber security of their workplace.


The most common mistakes included:

  • Falling victim to a phishing scam (5%)
  • Accidentally clicking a link or downloading something that resulted in malware being added to a work device (7%)
  • Losing or having a work device stolen (6% and 7%)
  • Sharing passwords with colleagues (13%).

QBE’s head of cyber proposition for Europe Erica Kofie warned C-suites of the critical importance of educating employees to improve their cyber security.

He said: “Your employees can be your weakest link when it comes to cyber security and it is important to have an education programme in place to remind them about the risks, how to spot suspicious activity and what to do (and not do).

“Sporadic phishing simulations are also recommended to highlight areas of your workforce you might need to spend more time educating about the risks.”

Research highlights

  • Less than half of employees said their workplace has measures in place such as cyber security training for employees, multifactor authentication (MFA) to log on to work devices/systems, or phishing and cyber scam simulation exercises to mitigate potential cyber risks
  • The majority of those surveyed (56%) said they believe AI will increase cyber risk
  • While the majority said they would feel confident recognising a phishing scam, 5% had already fallen victim at work in the past and 13% said they would not feel confident recognising these.

Businesses must keep an eye on emerging risks

With the nature of cyber-attacks constantly evolving, businesses should make sure they are regularly reviewing cyber plans to keep up.

Phishing is one example where the techniques used by criminals are becoming increasingly sophisticated. 13% of employees surveyed said they would not feel confident in recognising a phishing scam.

In addition, with the rise in artificial intelligence, the majority of those surveyed (56%) said they believe AI will actually increase cyber risk rather than reduce it (12%).

How to tackle the risks

The survey clearly demonstrated that businesses must do more to educate employees on the risks and prevention tactics.

Less than half of employees said their workplace had the right tools to mitigate potential cyber risks.

Just 29% said their firm ran phishing and cyber scam simulation exercises, while only 43% said they had multifactor authentication (MFA) to log on to work devices.

Only 46% of firms were running cyber security training for employees.

QBE said the data showed that companies should be looking into how they can educate employees to be more aware of risks.

Kofie warned that businesses will need to be carefully looking at factors such as IT security, employee training and response plans to not only be more resilient to cyber risks, but also to improve their risk profile, which affects the level of coverage cyber insurers will offer and at what premium.

He concluded: “It’s crucial for businesses to take stock of their cyber security, not only to address any gaps that might let criminals in, but also to ensure they can access full levels of insurance.”