Recent reports suggest that approximately 2.39 million instances of cyber crime occurred over the past year. With staff training in cyber security being an essential part of employee onboarding, sufficient training is crucial if businesses wish to protect themselves against cyber attacks.
With this in mind, I2,200 respondents from 16 different industries were surveyed* to discover if businesses are carrying out sufficient cyber security training for employees.
Key findings:
- 96% of the Utilities sector provide cyber security training for employees.
- 3% of the Accommodation and Food sector actively train employees in cyber security.
- 42% of overall survey respondents don’t actively train employees in cyber security.
The 10 sectors training employees in cyber security the LEAST:
Rank | Sector | Percentage of respondents that actively
train employees in cyber security |
1 | Accommodation and Food | 3% |
2 | Transport | 11% |
3 | Education | 17% |
4 | Retail and Wholesale | 22% |
5 | IT and Communications | 65% |
6 | Arts, Entertainment and Recreation | 68% |
7 | Professional and Technical | 71% |
8 | Public Sector and Defence | 72% |
9 | Financial Services | 73% |
10 | Admin and Support | 74% |
Accommodation and Food is the sector that actively trains employees in cyber security the least, with only 3% of respondents revealing that they do so.
Accommodation and Food businesses report that the most common form of cyber attack was through email hacking, with 64% of respondents within this sector experiencing this. Responses from the survey suggest that not only does cyber security training need to be increased, with a focus on email hacking and phishing attacks.
The Transport sector ranks second, with just 11% of respondents revealing that they actively train employees in cyber security. With only 11% of businesses within this sector actively training employees in cyber security, almost four times the amount (41%) said they have experienced a cyber attack via email hacking.
The Education sector ranks third, with just 17% of respondents revealing that they actively train employees in cyber security.
It is evident that cyber security training within the Education sector needs to be increased and improved, as 78% of respondents reported that they have experienced a cyber attack, with 76% of respondents reporting email hacking as the method used.
A lack of training in cyber security could result in a failure to uphold an Educational institute’s reputation. This could result in serious cyber attacks, which may breach the data of those involved in the educational institution.
The top 5 sectors training employees in cyber security the MOST:
Rank | Sector | Percentage that actively
train employees in cyber security |
1 | Utilities | 96% |
2 | Real Estate Activities | 94% |
3 | Manufacturing | 92% |
4 | Construction | 91% |
5 | Health and Social Care | 90% |
Venky Sundar, Founder and President of Indusface commented on the importance of cyber security investment and training among all business sectors:
“The cyber security of any business, whether an SME or a larger corporation, is vital to its integrity. With technology and the internet being an integral, useful part of how many businesses operate, it is important that every company understands the risks of it being inadequately protected. If cyber attacks occur, a business can suffer from lost business data, a degraded reputation, and potentially a large financial cost.
“While we found that email hacking is the most prevalent, the way it is carried out is very versatile. Phishing is a much talked about threat, however, bot attacks such as account-takeover and credential stuffing could also be used to hack emails and get access to email accounts. The other method is when hackers exploit an SQL injection vulnerability on a table and extract all credentials through the vulnerability. In addition to training all employees on how to evade phishing attacks, organisations will also find it worthwhile to run regular security assessments and implement a WAAP solution to filter out malicious attacks right at the perimeter before the attacks hit the application servers.
Finally, it is important to build defences in depth. All systems are to be designed while assuming that they don’t get compromised even in case an email is hacked. This problem is especially bad in the SME space as security software needs to be constantly updated and the acute shortage of talent and resources mean that SMEs run outdated security software products.”
Indusface survey results and data here