Only 17 per cent of businesses invest in cyber-security training

May 11, 2016 @ 21:54 by Alison Cowie

The Open University says companies and organisations need to understand the importance of building cyber-security skills as well as IT infrastructures
With Government research showing nearly two-thirds of large UK businesses have suffered a cyber-attack, yet only 17 per cent of UK firms have trained staff in this area over the past year, The Open University warns that training must become more central to businesses’ cyber-security efforts.

The total cost of cyber crime on the UK economy which now stands at a staggering £34 billion* causing UK firms to increased their annual IT spending as a result of cyber-crime by almost £16 billion in 2015**.

Yet simply increasing spending on IT infrastructure is not a sustainable way to boost defences and protect against a breach, The Open University warns. Businesses must invest in knowledge, ensuring that all employees are aware of best practice in cyber-security, and that IT practitioners have the most up-to-date skills to maintain defences.

Steve Hill, director of external engagement at The Open University, comments: “Businesses need to recognise that investing in IT infrastructure and retraining staff must go hand in hand. As the techniques used by hackers to breach networks and servers become more sophisticated, companies need to do more than simply update their IT systems. Instead, they must ensure that their employees have the knowledge and skills to maintain best practice and future-proof the company’s defences.

“It is important to recognise that a firm’s cyber security measures cannot simply rely on the expertise of a skilled IT team. Knowledge about best practice must be widespread across an organisation.

“Thanks to the increasingly flexible educational possibilities available online, it is now easier than ever to make this knowledge accessible across an organisation.”

“Cyber-crime is a threat that should not be pushed into the shadows. Ever-increasing investment in IT systems will not detract from the need to ensure that all employees are equipped to maintain their own and their company’s cyber security, so decision makers must ensure that their teams are aware of the risks and have the knowledge they need to maintain best practice.”