Only 17% of businesses invest in cyber-security training for staff
New government research shows nearly two-thirds of large UK businesses have suffered a cyber-attack, yet only 17% of UK firms have trained staff in this area over the past year, The Open University reveals.
As policy experts meet tomorrow in London to bring fresh ideas to the table, The Open University warns that training must become more central to businesses’ cyber-security efforts.
Tomorrow’s event, ‘Working in Partnership to Reduce Risk in the Digital Age’ is organised by the Public Policy Exchange to debate the role of key stakeholders in tackling the rising cost to the UK economy, a total cost which now stands at a staggering £34 billion. Last year, UK firms increased their annual IT spending as a result of cyber-crime by almost £16 billion, yet simply increasing spending on IT infrastructure is not a sustainable way to boost defences and protect against a breach, The Open University warns. It says businesses must invest in knowledge, ensuring that all employees are aware of best practice in cyber-security, and that IT practitioners have the most up-to-date skills to maintain defences.
Steve Hill, director of external engagement at The Open University, commented, “Businesses need to recognise that investing in IT infrastructure and retraining staff must go hand in hand. As the techniques used by hackers to breach networks and servers become more sophisticated, companies need to do more than simply update their IT systems. Instead, they must ensure that their employees have the knowledge and skills to maintain best practice and future-proof the company’s defences.
“It is important to recognise that a firm’s cyber security measures cannot simply rely on the expertise of a skilled IT team. Knowledge about best practice must be widespread across an organisation.
“Thanks to the increasingly flexible educational possibilities available online, it is now easier than ever to make this knowledge accessible across an organisation. The Open University’s Introduction to Cyber Security course was the first of its kind anywhere in the world to gain government support, indicating that the UK is starting to recognise the importance of making these skills widely available.
"Cyber-crime is a threat that should not be pushed into the shadows. Ever-increasing investment in IT systems will not detract from the need to ensure that all employees are equipped to maintain their own and their company’s cyber security, so decision makers must ensure that their teams are aware of the risks and have the knowledge they need to maintain best practice."