While most businesses are well aware of the risk of cyberattack, too few deal with the cyber risk education gap in their enterprises, according to the Chubb Cyber Risk Survey 2019.
The report said that companies had established better safeguards against cyberattacks over the past decade. Yet effective staff training for cyber risk remained a blind spot for many. The study found that 70 per cent of respondents said that their company had “excellent” or “good” cybersecurity practices.
Even so, just over three in ten respondents (31 per cent) said that their employers provided them with annual company-wide training or updates. Many learned about cybersecurity risks from either mainstream media (35 per cent) or friends and family (34 per cent).
“This education gap means employees and individuals cannot spot incoming attacks,” said the report. Employees often lack knowledge of the most common red flags associated with a phishing email – for example, spelling mistakes, messages being sent at odd hours, return email addresses that do not match the sender’s address – which means that they are unable to spot the difference between legitimate and fraudulent email.
The failure to educate staff will do little to deal with cybersecurity risk, which was identified earlier this year as the single biggest risk to businesses in 2019.
Educating staff is all the more important because of a growing shortage of trained cybersecurity professionals. Organisations are experiencing difficulties retaining qualified cybersecurity professionals – in a recent survey by the industry body ISACA, 64 per cent of respondents said that this was the case.
An overwhelming 82 per cent of survey respondents said that most cybersecurity professionals left their organisations for better financial incentives, such as salaries or bonuses. Over half of respondents also said that a lack of promotion and development opportunities contributed to the skills drain – and nearly half of respondents said that individuals left their organisation for a better work culture or environment.
“In a constantly changing, ever connected threat landscape, staffing cybersecurity positions appropriately and efficiently becomes one of the most important objectives to any enterprise,” the report said. “Ensuring that business operations remain secure, functional and predictable is a hallmark of an appropriately staffed and trained cybersecurity organisation. Like previous years, however, a large hiring gap remains in the cybersecurity field.”
Risk managers who need to get up to speed with risk management in the digital era can benefit from IRM’s Digital Risk Management Certificate. The qualification provides an introduction to the concepts of digital risk management and explains how new technologies and digitalisation are disrupting businesses, changing the risk environment for organisations of all types and posing new ethical challenges. It explores how appropriate risk management tools and techniques can be applied, adapted and developed in the digital context and provides a detailed introduction to cyber security principles and practices.