Managers lack cybersecurity training – reports

by Brett Henebery25 Aug 2017
In May, a global cyberattack – dubbed ‘WannaCry’ – infected 230,000 computers in more than 150 countries for three days, making it the most devastating cyberattack in history.

Less than one month later, ‘NotPetya’ – a variant of an earlier type of malware named ‘Petya’ – struck.
This virus infected the computer systems of Ukraine’s Chernobyl nuclear power plant, as well as British advertising company Maersk Line and Russian oil company, Rosneft.

As fears spread of another attack, US and UK business owners were surveyed in two separate studies to determine their attitudes to cyber-risks and what they were doing to safeguard their organisations.

One survey, released by Nationwide, found that half of US business owners were unaware that their businesses were victims of cyberattacks.

According to the cybersecurity-focused section of the research, 57% said that they did not have a dedicated employee to monitor for cyberattacks, while 37% did.

The top reasons for not having such an employee are the cost and the belief that their businesses will not be targeted.

A more recent UK Government survey found that more than two thirds of companies say their directors have no training in responding to cyber-attacks.

Out of the 105 organisations in the FTSE 350 questioned, one in 10 revealed they had no plan to cope with hacking.

UK Digital Minister, Matthew Hancock, said May's attack showed the “devastating effect” of breaches.

Hancock urged companies to take advice and training from the National Cyber Security Centre.

The Cyber Governance Health Check – an annual survey – found that 54% of company boards said computer hacking was one of the main threats to their business.

However, 68% of boards had no specific training to deal with a hacking incident.

The survey found some progress, however, with 31% of boards receiving comprehensive information about computer security risks, compared to 21% in 2015-16.

“We have a long way to go until all our organisations are adopting best practice,” Hancock said.

Related stories:
Why the skills shortage is good news for cybersecurity experts
How to make your cybersecurity training succeed