CISOs on risk

by Mark Rowe

A majority of UK and Ireland Chief Information Security Officers (CISOs) and Chief Security Officers (CSOs) (55pc) believe that human error and lack of cybersecurity awareness is the biggest risk for their business, no matter what cyber solutions are in place, according to a survey for a cyber firm. Common employee behaviours likely to result in cyberattacks include clicking on a malicious link or downloading a compromised file (43pc), followed by falling victim to phishing emails (39pc), then intentional leaking of data (35pc) and unauthorised use of devices and applications (35pc).

While IT leaders in the UK and Ireland are aware of the risk employees may pose to their business, almost half (44pc) stated they did not know who the most at-risk employees in their organisation are. Improving employee training and awareness is a top priority, but obstacles remain. Even though human error and lack of cybersecurity awareness pose a high risk to organisations, only 28pc of UK and Ireland organisations admit to running comprehensive training more than twice a year.

However, most (73pc) agree that they need to improve their employee cyber awareness training and, despite the numerous challenges facing CISOs, about half (49pc) have made it their number one priority in 2021. A majority of CSO/CISOs (54pc) agree that limited time and resources are an obstacle to developing an effective program, and half do not feel their board pays enough attention to delivering effective cybersecurity.

Businesses are still not prepared for secure remote working, the study suggested. In 2021, many businesses are looking at their long-term remote working plans for their employees. Despite most businesses having had nine months to plan and prepare since the beginning of the pandemic, only 22pc of CISOs firmly believe that their employees are fully equipped to work remotely. Most CISOs (64pc) believe that their organisations are more vulnerable to cyber threats as a result of remote working.

Most CSOs/CISOs in the UK and Ireland (73pc) expect to see their cybersecurity budget increase over the next two years. In fact, 25pc expect their budgets to increase by more than ten per cent. CSOs/CISOs also reported that investing in hiring new talent and up-skilling employees was their second highest priority for 2021 (47pc) after improving employee cybersecurity awareness (49pc).

Andrew Rose, Resident CISO (EMEA) at Proofpoint, said: “It’s encouraging that the majority of IT leaders are showing awareness of the risks and challenges they face. However, it is a little concerning to see that attack vectors such as Business Email Compromise are not as highly prioritised as they could be – given that they are more commonplace than ransomware, and still create massive financial losses. The fact that employee awareness is high on the list of priorities is positive, as regular and comprehensive training is vital to building a security culture, which can protect your firm. A people-centric strategy is a must for organisations, and that starts with identifying the most vulnerable users and ensuring they are equipped with the knowledge and the tools to defend themselves and the business.”

For the full report visit:


The study, by research firm Censuswide in December, surveyed 150 CSO/CISOs from the UK and Ireland. It explored: frequency of cyber-attacks, employee and organisational preparedness and challenges to implementing cyber strategies.

© 2024 Professional Security Magazine. All rights reserved.