43% of UK businesses have suffered a cyber breach or attack in the last 12 months, according to research by Probrand, with high-profile hacks such as the Capital One data breach earlier this week highlighting the growing importance of robust investment in cybersecurity.
However, although spending on information security products increased by 12.4% in 2018, investment in the latest products and services is at risk of being underminded by careless cybersecurity practices.
Proband surveyed 1,253 UK workers in full or part-time employment and discovered that basic security steps are still often overlooked, leaving companies at risk of costly attacks.
43% of the surveyed workers, who all use IT systems in their workplace, said their organisation has invested in new cybersecurity products and services during the past year, suggesting that businesses are paying closer attention to the importance of robust cybersecurity.
However, worryingly 67% said they use an easy-to-guess password (such as a single word or simple consecutive numbers) at work, and 46% said they have never changed their password while being employed at their current company.
The data also revealed that remote working could put company networks or sensitive information at risk, with more than 1 in 3 UK workers saying that they have used unsecure network connections such as public WiFi when working remotely.
How basic failures are undermining investment in cybersecurity
Matt Royle, marketing director at Probrand believes that by failing to educate employees on basic cybersecurity practices, businesses could be undermining efforts and money spent on securing their organisation:
“When workers are failing to take the most basic steps to protect their company’s networks and data, it undermines the money that is being invested and the work that is being put into maintain cybersecurity on a more sophisticated level.
He recommends that business invest in training in this area for the benefit of the company’s security:
“Our findings have shown that a shocking number of UK businesses are struggling at the very basics, so we would encourage business leaders to monitor and regulate even the simple cybersecurity practices.
“Writing protocols into company handbooks and employee contracts are just some ways of doing this. As the data shows, as only 37% of employees regularly change their password, it’s clear that some internal training is needed here.”