The research has been carried out by Experian and the Ponemon Institute and has been published under the name ‘Managing Insider Risk Through Training & Culture’. The researchers spoke to 600 leaders in the technology industry about the issue and found that more than half had been on the receiving end of a data security breach due to errors in judgement on the part of employees.
Businesses are making the investment in training employees so that they know how to protect their confidential data, but many are also under the impression that employees are not very aware of the security risks. However, C-suite executives are different, with 35% declaring that they believe employees are well informed about the risks.
The study shows that many breaches are the result of a simple error on the part of the employee. Companies should ensure that employees have the knowledge and resources they need to protect data, and should build a strong culture of security.
The study found that employee training is only mandatory in 46% of organisations. Even after a data breach, the majority of companies are not taking the opportunity to offer retraining to employees. Companies that do provide training offer varied standards, with just 43% providing staff with basic information. Of the security training programmes, less than half cover social engineering and phishing, only 38% consider security on mobile devices, and less than 30% look at using cloud computing services safely.