Introduction

Recent research conducted by e2e-assure reveals a significant disconnect between cyber risk owners and employees within the Financial Services sector concerning cybersecurity training [1]. This disparity highlights the challenges in employee engagement and the effectiveness of current training programs, which may inadvertently increase cyber risk.

Description

New research by e2e-assure highlights a significant disconnect between cyber risk owners and employees in the Financial Services sector regarding cybersecurity training [1]. While 82% of cyber risk owners believe employees are engaged in the training, 69% of employees report being only somewhat engaged (55%) or not engaged at all (14%) [1]. This lack of engagement is concerning [1], especially as 43% of employees face disciplinary actions and training following cyber breaches, the highest among surveyed sectors [2]. Furthermore, 37% of employees have witnessed cybersecurity incidents, yet only 14% reported them to IT [2]. This reactive focus on discipline may hinder timely reporting of cyber malpractice and frame breaches as individual failures, potentially increasing overall cyber risk [2].

As the sector undergoes digital transformation, 76% of cyber risk owners express concern about the use of AI and unauthorized software by employees [1]. The findings indicate that current training methods are not resonating with employees [1], as only 39% receive real-life scenario training [1] [2], despite 82% stating they would be more engaged with such training [1]. The research suggests that the overconfidence of cyber risk owners in their training programs may lead to overlooked gaps [1], contributing to increased cyber risk [1].

Rob Demain, CEO of e2e-assure [1] [2], emphasizes the need for a shift in focus from external threats to understanding internal risks, particularly the lack of awareness regarding AI policies among employees [1]. With data attacks like phishing becoming more prevalent [1] [2], it is crucial for cyber risk owners to implement effective, tailored employee training to enhance resilience against these threats [2]. The report outlines four key recommendations for improving employee training and mitigating cyber risks [1], urging a proactive approach that addresses the specific needs of employees.

Conclusion

The findings underscore the necessity for a paradigm shift in cybersecurity training within the Financial Services sector. By addressing the disconnect between cyber risk owners and employees [1], organizations can foster a more engaged workforce, better equipped to handle internal and external threats. Implementing tailored training programs that resonate with employees and focusing on proactive measures will be crucial in mitigating cyber risks and enhancing overall security resilience in the face of evolving digital challenges.

References

[1] https://www.cybersecurityintelligence.com/blog/over-confidence-in-cyber-security-training-reduces-financial-security-8131.html
[2] https://securityjournaluk.com/disconnect-cybersecurity-financial-services/