Information security is viewed in some organizations as a function owned by a few individuals or one department. However, with human error remaining the most prominent cause of data breaches, it is important to create a corporate culture that views information security as a shared responsibility among all employees.
A data breach can cause significant financial, legal and reputational damage to a business. When data protection is prioritized and done well, it provides more disciplined operations, increased customer and stakeholder trust, and minimized risk of fraud or a data breach. One of the best ways to reduce risk is to implement regular and comprehensive training programs for all employees.
Despite this, UK companies are not prioritizing employee training in their fight against fraud and data breaches, according to Shred-it’s 2016 Security Tracker UK Information Security Survey. As many as 87% of UK small business owners and over half (58%) of C-Suite executives say they only conduct employee training on their organization’s information security procedures once a year or less. Furthermore, 66% of UK small business owners and 13% of C-Suite executives report that they only provide this training on an ad hoc basis or not at all.