Cyber Resilience: Are your people your most effective defence?

We questioned 100 executives, all responsible for information security training in organizations with 500+ employees. The study was conducted by IPSOS MORI in Jan 2016. Here are the results:

How important and effective is cyber security awareness training for your staff?

99%: Almost all said security awareness learning is important to minimise the risk of cyber security breaches.

And:

63%: Said that minimising human error is important to their organization’s cyber security.

However...

42%: Less than half said their awareness learning is “very effective” at providing general awareness of security risks.

33%: Only a third rate their training as “very effective” in reducing the chance of an information security breach.

28%: Fewer than a third said their cyber security awareness training is “very effective” at changing staff behaviors in relation to information security.

Only a minority of UK companies believe their information security training is “very effective” – the minimum it should be in the face of growing cyber and security threats.

Here’s where RESILIA™ Awareness learning comes in:

What do UK organizations think are the greatest sources of risk for an information security breach?

External threats vs internal threats

External threats:
49%: Intentional attack by external hackers, criminals, terrorists or activists.
17%: Third party suppliers or joint venture partners.

Internal threats:
45%: Unintentional error by employees or contractors.
40%: Intentional attacks by employees or contractors.

Internal threats pose a significant risk. Awareness learning is key to preventing cyber attacks.

How regular and relevant is your cyber security awareness training?

No more than 50% of staff have completed an information security awareness program in a quarter of UK organizations.

46%: Organizations that provide ongoing information security awareness training beyond new starter induction or annual e-learning courses.

Fewer than a third of UK organizations are using modern, immersive and effective learning methods to improve their employees’ levels of cyber security awareness and capability.

82% of organizations rely on computer-based training and e-learning for their employees’ cyber security knowledge rather than more engaging methods like games, simulations and animations.

And training isn’t always relevant

47%: Fewer than half tailor cyber security learning to the jobs their people do.

32%: Fewer than a third are “very confident” that the awareness learning is relevant to their staff.

Organizations need to be certain they are engaging and equipping their staff to more effectively manage information security risks.

The current regularity and footprint of information security awareness learning in the majority of UK companies isn’t sufficient for staff to be prepared for the ever-changing methods of cyber criminals. Boards of directors must be asking why and doing more to protect their organizations’ reputation and competitive advantage.

The RESILIA Awareness Learning Program helps to fill critical knowledge and skills gaps across all staff, enabling them to make the right decisions at the right time, to better protect their organization’s most valuable and sensitive information and systems.

Find out more at axelos.com/RESILIA

AXELOS, the AXELOS logo, the AXELOS swirl logo and RESILIA™ are registered trademarks of AXELOS Limited.