• Finance businesses carry out fire evacuations more often than online security tests
• Yet, businesses are 125 times more likely to suffer cyber attack than damage by fire
• Perception of risk lags behind reality as businesses in the financial sector think it won't happen to them
Finance businesses carry out routine fire drills three times as often as all-staff cyber drills, according to new research from accelerated training provider, Firebrand Training. This is despite the number of businesses suffering from cyber breaches being 125 times greater than the number of businesses reporting fires on their premises.
The Firebrand report also revealed that almost half (42%) of finance businesses think that cybercrime is not a threat to businesses in their sector. Yet, Government research shows over two fifths (46%) of all businesses have identified a cyber security breach or attack in the last year.
Robert Chapman, co-founder of Firebrand said:
"In some ways we were surprised by the proactivity of financial businesses in terms of prevention, but we were also surprised that 20 per cent of businesses only complete cyber drills once a year. Cyber crime is constantly evolving. If you're testing your systems once a year, and patching up breaches with new safeguards, but then leaving this for another 12 months you're incredibly vulnerable, as we've seen with the NHS attacks. It's like expecting cling-film to be an effective material for dam building."
The new research is released following the global ransomware attacks that hit the NHS as well as organisations around the world. More than 500 business-training decision makers and HR professionals were interviewed for the Firebrand report.
Financial businesses place cyber training first on a list of training requirements they intend to invest in during the next 12 months. The investment is crucial as the vast majority of finance businesses (75%) said they had just one named individual who had responsibility for cyber security and more than a third (40%) said they had no idea where to start to keep their business safe from cyber threats.
Finance companies also lagged behind awareness of the Apprenticeship Levy – with a third of finance businesses (36%) not knowing what this is. Yet, the Levy can be used to fund specialist cyber training for new or existing staff.
Robert Chapman continued: "The model of having one IT person looking after cyber security in a data economy is outdated. Everyone has a responsibility to be cyber-confident. The figures we've been presented with, where only 40% believe their colleagues are competent and responsibly changing passwords on a regular basis are quite frightening, in particular as we approach legislation which will enforce fines on businesses who suffer data breaches.
"Your colleagues are your first defence (and biggest risk) as a business, and keeping them trained on these issues could make all the difference to your security and your bottom line."
The General Data Protection Regulation was approved by the EU Parliament on 14 April 2016 and will be enforced by 25 May 2018 at which time organisations could face heavy fines if their data is breached.