The joint venture by Capita and the UK Government found that, within cybersecurity, employee error is thought to be the leading cause of data breaches. AXELOS, which aims to highlight best practice in business, showed that the mishandling of data stems from basic human error caused by a lack of awareness and training. Employees can therefore be to blame for putting at risk a company’s reputation, customer trust and perhaps its bottom line. Given that in 2015 three-quarters of larger organizations suffered a staff-related breach, half of them caused by human error, the AXELOS research suggests that organizations are not informing staff about good practice on top of basic cybersecurity training. In a quarter of respondents, just under half of the staff had been exposed to any kind of program regarding hacking and other cyberattacks. Of the majority of organizations that offer security awareness training, a quarter believe the training is “effective” at changing employees’ behavior surrounding information security. Only a third are “very confident” that the training is actually relevant.
Nick Wilding, head of cyber resilience and best practice at AXELOS, argued that “staff should be [businesses’] most effective security control but are typically one of their greatest vulnerabilities,” warning that “organizations need to be more certain that they are engaging their people effectively.” Alongside the research, AXELOS published advice on cybersecurity awareness. It states that the awareness provided should be relevant to the security risks employees face. “Staff needs the ability to anticipate the ever-changing methods used by hackers.” Employees should be alert to phishing and social engineering, and should be shown the importance of a strong password, as cybercriminals only need to be successful once to do tremendous harm.