The survey findings identified key areas of weakness which included the fact that limited board understanding of cybersecurity meant the risk was often passed on to outsourced cyber providers. Findings showed that small, medium and large businesses outsource their IT and cybersecurity to an external supplier 58%, 55%, and 60% of the time respectively. However, only 13% of businesses assessed the risks posed by their immediate suppliers, with organisations saying that cybersecurity was not an important factor in the procurement process.
Highlighting the need for a more people-focused strategy for tackling cybersecurity issues, the survey found that just under one in five businesses (17%) and charities (19%) provided training or awareness-raising sessions specifically for those not directly involved in cybersecurity. The findings did state that relevant training and awareness-raising sessions are more commonplace in larger organisations with 61% of businesses and 64% of charities with an income of £5million saying they have offered this training in the past 12 months, however, in both micro/small businesses and charities with an income below £100k, the figure dropped to just 16%.
Martin Smith MBE, Founder and Chairman of The SASIG, said: “As with any area of business, to achieve real success with a cybersecurity strategy businesses must always take a people-first approach. Having a robust cybersecurity policy in place is one thing but having a real understanding of how to implement this, as well as clear processes for tackling a cyberattack must always be company-wide to have any real impact and long-term benefits.
“The results of the Government’s latest Cyber Security Breaches Survey point to under-investment in meaningful staff training and awareness-raising, as well as a failure to safeguard companies from threats posed by their supply chains. A people-first approach to cybersecurity and protection against cyberattacks that includes regular training, information sharing and awareness-raising, as well as regularly reviewing the risk from suppliers is key to the ongoing protection of every company’s operational and financial performance.”
‘The human factor and cybersecurity’ workshop will feature at Big SASIG, a unique one-day cybersecurity conference run by The SASIG on Wednesday 25 May 2022, in London.
The unique format of ‘Big SASIG’ allows delegates to engage directly with their peers, SASIG partners and other security vendors, which proved hugely successful in 2021. ‘Big SASIG 2’, which takes place at 155 Bishopsgate, London, EC2M 3YD, will unite the cybersecurity community in person.
There is no charge to attend Big SASIG and to register as a Big SASIG delegate, visit https://bigsasig.com
-ENDS-
EDITORS’ NOTES:
About the Security Awareness Special Interest Group (The SASIG)
Established in 2004, SASIG is a networking forum for cybersecurity professionals, representing hundreds of organisations of all sizes and from both public and private sectors worldwide. SASIG has more than 6,500 individual members drawn exclusively from CISOs, decision-makers, and influencers with responsibility for security within their organisations and their teams, together with academics and Government agencies.
The SASIG curates more than 150 webinars and in-person events each year, covering topical cybersecurity issues impacting business, commerce, government agencies and other public sector organisations, as well as individuals.
About ‘Big SASIG 2’
‘Big SASIG’ is the flagship SASIG event for 2022 and is the new way for the cybersecurity community to do conferences.
Delegates participate in one-to-one meetings and attend supporter workshops. The high-quality, cutting-edge content is developed under the guidance and direction of the SASIG Independent Advisory Board, comprising leading CISOs and industry experts.
The inaugural online ‘Big SASIG’ conference in March 2021 proved the viability of its uniquely formatted concept, seeing delegates engage directly with their peers, SASIG partners and other security vendors throughout the day.