Research shows 44% of employees have not been trained in cybersecurity

Oliver Noble, Cybersecurity Expert at NordLocker

44% of employees haven’t gone through employer-arranged cybersecurity training, according to a study commissioned by NordLocker, an encrypted cloud service provider.

This is a worrying statistic because the study reveals that 77% of professionals handle confidential data at work. The study covered 1,500 employees in the US from five different industries that are top targets of ransomware (education, healthcare, law, finance, and IT).

“The lack of employee cybersecurity training is alarming because the human element has been known to be the cause behind the majority of cyberattacks. Firms that don’t make their employees aware of the potential risks and telltale signs of cybercrime run a big risk that is not worth the consequences,” explains Oliver Noble, a cybersecurity expert at NordLocker.

12% don’t use any cybersecurity tools

The study reveals that 12% don’t use any cybersecurity tools at work at all. Among those who do employ safety measures on their digital devices, antivirus software prevails (68%), followed by password managers (59%), a VPN (51%), and a file encryption tool (42%).

“Cyber racketeers often go for the most sensitive, and thus the most vital data firms have. Without providing cybersecurity tools and enforcing their use, employers not only risk freezing their business to a complete halt but also gamble away potential clients that might become wary of the firm due to questionable security and damaged reputation,” says Oliver.

% of employees that had cybersecurity training at work

IT 79% 21%
Finance 69% 31%
Legal 49% 51%
Healthcare 44% 56%
Education 41% 59%
ALL 56% 44%

% of employees that handle confidential data at work

Finance 88% 12%
Legal 83% 17%
IT 78% 22%
Healthcare 76% 24%
Education 61% 39%
ALL 77% 23%

What cybersecurity tools are used at work

IT Finance Legal Education Healthcare ALL
Antivirus 79% 72% 67% 60% 60% 68%
Password manager 68% 63% 57% 50% 57% 59%
VPN 74% 61% 51% 35% 36% 51%
File encryption tool 59% 52% 40% 24% 36% 42%
Other 1% 1% 2% 0% 0% 1%
None 5% 7% 11% 21% 17% 12%

Who is responsible if an employee accidentally causes a data breach?

When asked who should be responsible if someone accidentally caused a data breach in their workplace, most workers answered with “both the employer and the employee” (47%). However, 22% of respondents would blame the firm exclusively if a data breach occurred.

IT Finance Legal Education Healthcare ALL
Employee 33% 28% 30% 24% 31% 29%
Company 18% 18% 27% 26% 21% 22%
Both 49% 53% 41% 47% 47% 47%
Other 1% 1% 1% 3% 1% 1%

How can organisations stay on top of their cybersecurity?

Five easy-to-implement cybersecurity practices for businesses of all types:

  • Ensure your employees use strong and unique passwords to connect to your systems. Better yet, implement multi-factor authentication.
  • Secure your email by training your staff to identify signs of phishing, especially when an email contains attachments and links.
  • Implement and enforce periodic data backup and restoration processes. An encrypted cloud might be the most secure solution for this.
  • Adopt zero-trust network access, meaning that every access request to digital resources by a staff member should be granted only after their identity has been fully verified.
  • Encrypt files to avoid data leaks. Even if encrypted files are stolen from firm computers, hackers won’t be able to access their content and threaten you with exposing the data.