Over a quarter of UK-based SMEs are failing to educate and train their staff on the threat of a cyber-attack a new report has claimed.
Specialist cyber-insurance provider, CFC Underwriting states that 38 percent of its claims in 2016 could have been avoided if better education and training processes were in place.
Their research found that:
Over a quarter of SMEs (26 percent) say that they do not train and educate their staff on the threat of cybersecurity because they are “not sure where to start”
Cybercrime came in second (topped only by Brexit) when SMEs were asked what was the biggest threat to their business
80 percent of SMEs still do not buy cyber-insurance
Graeme Newman, chief innovation officer at CFC commented:
“It’s concerning to see that more than half (56 percent) of SMEs do not have an incident response plan in place that outlines roles and responsibilities in the event of a cyber-attack.
“SMEs must take a two-pronged approach to guarding against an attack, implementing good security and risk management practices along with a strong cyber-insurance policy. For SMEs that are time poor and cash strapped, cyber-insurance policies exist not only to pay for financial losses should their systems be compromised, but also to help them handle and resolve incidents quickly and effectively. Although only nine percent are worried about regulatory fines as a result of a cyber-attack, we can expect to see this shoot up the agenda when GDPR hits in 2018.”
What can be done to educate your staff about cybersecurity?
Regular and updated training will help staff keep on top of their obligations when it comes to cybersecurity. How to identify data security threats, protecting sensitive information and personal data are all key areas to be covered. If you haven’t a budget to dedicate to training you might find it useful to take a look at free online training.
Fake cyberattacks can be a useful exercise regarding how your staff respond and whether you have appropriate guidance and protection in place. It can encourage confidence in employees and help to inform your policies for cybersecurity.
Try not to let the hackers get one step ahead! Make sure you are informed about the latest news regarding cybersecurity and pass this information on to your colleagues. To help prevent cyber-attacks you should make sure your antivirus software is effective by updating it regularly.