Please use the sharing tools found via the share button at the top or side of articles. Copying articles to share with others is a breach of FT.com T&Cs and Copyright Policy. Email licensing@ft.com to buy additional rights. Subscribers may share up to 10 or 20 articles per month using the gift article service. More information can be found here.
https://www.ft.com/content/acb60205-50f7-4422-972e-f6355ddea2f2
Cyber attacks are increasing both in number and complexity, yet many businesses are still failing to provide adequate cyber security training for their employees. Although British companies experienced 2.39mn cyber attacks over the past year, only 18 per cent of them provided cyber security training to their staff, according to the UK government’s 2023 Cyber Security Breaches Survey. Such a lack of security training often means staff are unequipped to deal with existing — and emerging — cyber threats. A study by the UK’s Chartered Management Institute found that just one in 10 managers understood security basics, such as setting strong passwords and spotting malicious emails. This knowledge gap persists despite humans playing a role in 74 per cent of cyber security breaches — according to the Verizon 2023 Data Breach Investigations Report — for example, by clicking on malicious hyperlinks or opening documents in phishing emails. Businesses must therefore view cyber security hygiene as a “top priority” and develop a “cyber-conscious company culture”, says Tris Morgan, managing director of security at UK telecoms group BT.