More than half of UK office workers say their employers have provided no cyber security awareness training, according to ISACA’s 2016 Cyber Security Perceptions study of more than 2,000 UK consumers online.
36% of respondents say they could not confidently define a phishing attack, and 19% have fallen prey to phishing emails. Additionally, when asked to prioritise between a fast Internet connection and a secure one, 1 in 3 chose speed.
“It is critically important that we create awareness in cybersecurity and in multiple roles within an organisation,” said Christos Dimitriadis, chair of ISACA’s board of directors. “The human factor is critical when creating cybersecurity capability, and education based on practical guidance is key to reducing the related business risks.”
Fourteen percent of respondents have used an easy-to-guess password to save time, 16% have shared their password with others, 15% have used a USB stick that wasn’t theirs, and 11% skipped the opportunity to use multi-factor authentication because it wasn’t convenient.
Additionally, 76% of respondents don’t know what ransomware is (especially concerning since 93% of phishing attacks now include ransomware) and 62% could not define a breach, despite high-profile incidents regularly featuring in mainstream UK media.
Despite these findings, 79% of those surveyed are confident in their abilities to protect their own sensitive data and 74% of employees are confident in their employer’s ability to do so.
“Consumers are confident—perhaps overly so—in their own abilities to keep their data safe. But these findings show that a gap exists between perception and reality. By failing to educate employees, organisations are leaving themselves more vulnerable to attack,” said Dimitriadis. “Ransomware, for example, is a fast-growing threat and phishing attacks are commonplace. Employees should be taught what these terms mean and the role they play in defending against them. Starting with better education and training in the workplace, we can help to improve safety and security online.”
Cyber security career perceptions
The survey also revealed perceptions about cyber security as a career track. While 57% of UK consumers believe cybersecurity is an important career, 44% of respondents believe these roles are in demand and only 1 in 3 (36%) believes it pays well—surprising findings given that a million cyber security positions remain unfilled worldwide, according to Cisco.
HR firm Robert Walters reports that average salaries for cyber security professionals in the UK will rise 14% this year with some increasing by almost 40%.
Nearly one in five say the cybersecurity profession is too male-dominated—an expected perception, given that women hold only 10-25% of all cybersecurity positions, according to recent research. Additionally, 23% say it is a career “for geeks.”
“Cyber security is an excellent career choice for both men and women who want to play a critical role in their organisations and who are looking to develop a strong mix of business and technical skills—and they can expect to be well compensated for these skills,” said ISACA CEO Matt Loeb. “These findings show that there is still work to be done in changing the perception of cybersecurity and building a pipeline of qualified cyber security candidates.”