UK Markets closed

Firms warned they 'wouldn't survive' data breach as a third fail to train staff

close up programmer man hand typing on keyboard laptop for register data system or access password at dark operation room , cyber security concept
Just 8% of employees said they received regular cyber security training, according to a survey. Photo: Getty

Experts have warned that most UK businesses “would not survive” a data breach as a new report reveals that almost a third (28%) of firms do not provide essential cyber security training to help workers identify potential data breaches.

Some 28% of UK employees said that their company gave no cyber security training at all, according to the new Cyber Security Insights Report from security provider Iomart.

While 42% of workers said that training was offered, it was only given to particular employees rather than to the entire workforce at the firm.

Just 8% of employees surveyed said they received regular cyber security training.

Almost a fifth of those surveyed had experienced an increase in cyber attacks due to working remotely, while a quarter of workers revealed their business did not have a disaster recovery policy in place, despite many businesses shifting to online working due to the coronavirus pandemic.

“Many businesses would not survive the operational — let alone financial — impact of a data breach. By understanding the potential risk and introducing positive behaviour around cyber awareness, they have a much better chance of surviving an incident,” said Bill Strain, security director for Iomart.

WATCH: Why can't governments just print more money?

READ MORE: Nearly 21% of Shopify stores pose fraud risk to customers

Of those businesses that did give cyber security training, 82% admitted it was only a short briefing rather than a comprehensive course, while only 17% of workers had regular sessions relating to cyber security.

Companies pointed to a lack of budget, a lack of prioritisation when it came to preventing cyber attacks, and a lack of technical expertise to implement it, as reasons why they did not offer training, the research found.

Of those surveyed who hold management positions, with more than a quarter (29%) admitted they did not know whether their firm had recovery policies in place to deal with a cyber attack.

The average cost of a data breach was £2.93m and spanned an average of 280 days, according to Iomart.

The healthcare sector had suffered the biggest financial impact of a breach with average losses of £5.4m per incident, according to the research.

READ MORE: Online marketplaces fail to remove banned products after consumers report them

“It’s clear that many organisations still don’t consider cyber security and data protection to be a top priority,” said Strain.

“They need to understand what the potential threats are and build resilience into their business strategy so they can react quickly and maintain operations if their IT systems are compromised.”

WATCH: 10 ways to Brexit proof your finances