Despite growing data security concerns in both the private and public sectors, a new study found organizations in the U.K. are failing to train their employees to protect against cyber attacks.
In a survey of 700 U.K. workers conducted by Guidance Software, 64 percent of respondents indicated they had not received training or instructive material to educate them about IT security, IDG News Service reports.
Recent data breaches impacting Sony and marketing services firm Epsilon highlight the danger cyber attacks can pose. While most employees are not expected to know how to protect against a well-orchestrated cyber attack, a responsibility typically reserved for IT departments, the study found many businesses have not even instructed employees how to address more basic cyber threats, such as malware and data loss.
One encouraging finding, however, is that many employees acknowledge they are at least partly responsible for ensuring sensitive corporate data isn't exposed. Sixty-one percent of respondents indicated all employees play a part in corporate data protection practices, while only 16 percent said the responsibility fell solely on IT departments.
"What is most concerning about this data is the chasm that exists between businesses and their employees," said Guidance's Frank Coggrave, according to IDG. "As the survey shows, a large proportion of workers clearly believe they play an important role in protecting against malware attacks and keeping data secure, and half understand the risks associated with devices; however, the majority are not being adequately trained."
The need to provide employees with data security training is apparent, as many data breaches occur from within the company, rather than externally. According to data security expert Thomas Logan, the majority of data loss is caused by careless employee error, not malicious or external threats, EContent magazine recently reported.