In a surprising revelation, over half of the SMEs in the UK are failing to cover major cybersecurity weaknesses in their IT security training, despite human error being identified as the most significant concern. This is according to the latest findings released today.
Sharp Europe, a leading business technology provider for SMEs across Europe, conducted a pan-European survey showing a concerning gap between the level of IT security worries and the actual training imparted to mitigate prevalent cyber risks.
The survey, involving 5,770 professionals responsible for IT procurement in SMEs, found that the lack of cyber training among employees is perceived as the primary risk to their businesses’ IT security effectiveness, even more than large-scale industry attacks or inadequate protection. Notably, 24% express increased concern over technology security risks due to insufficient employee training.
Despite the critical role of training in mitigating human error, key areas that have affected UK SMEs, such as virus attacks (25%), phishing (31%), data loss (30%), and password attacks (24%), are not adequately addressed in the training provided. Fewer than half of the SMEs cover essential topics like password management (46%), safe downloading practices (46%), secure network connections (45%), or even fundamental login procedures (44%) in their security training programs.
Matt Riley, Director of Security at Sharp UK, says: “IT security is as much a people issue as it is a technology challenge; our team members are ultimately our last line of defence against threats. Businesses need robust training that encompasses all employees, not just IT and senior management.”
He adds, “The recent increase in AI-enabled phishing attacks, with their heightened sophistication, makes businesses more vulnerable. To counter this, Sharp UK utilises innovative tools for practical training, moving beyond traditional methods. These oversights in training can be costly, underscoring the importance of continuous investment and evolution in IT security training.”
Interestingly, despite the shift to hybrid working heightening security concerns, only 40% of UK firms have enhanced IT security training post-transition to hybrid models, and merely 41% cover hybrid working in their training programs.
Yet, 92% of those responsible for IT in UK SMEs confidently assert their proficiency in IT knowledge. For further insights and advice for SMEs, visit sharp.co.uk.