77% of UK workers admit that they have never received any form of training cyber skills training from their employer, according to a new study from Centrify, a provider of cloud-ready Zero Trust Privilege to secure modern enterprises.
The news comes at the start of European Union’s CyberSecMonth, designed to raise awareness of cybersecurity threats, promote cybersecurity among citizens and organisations; and provide resources to protect themselves online, through education and sharing of good practices.
The survey of 2,000 UK workers in professional services, conducted by independent survey company Censuswide, also found that over one quarter (27%) of workers use the same password for multiple accounts, including work email and social media, putting both their personal security and that of their company at risk from hackers.
69% admit that they do not have the confidence in their own cyber security processes when it comes to protecting their own data. Additionally, 14% have admitted to keeping their passwords recorded in an unsecured handwritten notebook or on their desk in the office. The news comes despite the UK government’s drive to improve cyber security for companies, with its Cyber Essentials programme.
A further 14% do not utilise multi-factor authentication cyber security measures for apps or services unless required to do so – despite the fact that many consumer banking apps and social media now offer this service.
Donal Blaney, cyber law expert, Griffin Law comments: “Ignorance of the law is no defence. Company directors and business owners owe it to themselves, their staff, their shareholders, and their customers to know how to protect their businesses and their customers’ data.”
Andy Heather, VP, Centrify adds: “In an age where cyber attacks have emerged as one of the most ruthless and successful forms of crime that can be committed against a business on a large scale, it is astounding to hear that so many UK companies neglect to instil even the most basic cyber security measures in their employees.
“Tackling this issue requires urgent investment in cyber skills training and adopting a zero-trust approach, to further reduce the risk of weak passwords leaving easy entry points and to ensure malicious parties cannot run riot in company systems with stolen log-in credentials.”