Tuesday, May 31, 2016

Why aren’t you training your employees on cyber security?

A recent cyber-security survey conducted by the Ponemon Institute and Experian has some startling results for employers. According to the survey, Managing Insider Risk through Training & Culture [pdf]:

  • 60 percent of companies believe their employees do not know enough about cybersecurity risks
  • 55 percent suffered a security incident or data breach because of a malicious or negligent employee

Yet, only 25 percent of companies believe that their employees have sufficient knowledge about privacy and data protection, and only 35 percent prioritize having employees who can identify data-security risks.

In other words, there is a huge gap between the cyber-security threats companies face, and the proactive steps those companies are taking to manage that risk.

And, make no mistake, there is a real-world price tag attached to this gap. The potential cost to a company from a data breach is staggering. According to another study by the same Ponemon Institute [pdf], cyber crime costs an average company more than $7.7 million per year (and rising). While the cost of a data breach scales with the size of the organization, the costs (which include downtime, lost business opportunities, reputational harm, and professional services) cannot be overstated. If you want to get a sense the potential cost to your company, I recommend IBM’s Data Breach Risk Calculator (which pegs the average cost of one data breach at a staggering $3.8 million).

So, what is a company to do? Call your cyber-knowledgeable lawyer and put an effective cyber awareness and training program in place. Your employees are not only your weakest cyber-link, but they are also your first line of defense from a cyber attack. Ignoring the key role your employees play in your company’s cyber-security protection is a risk that your company simply cannot afford to take.