Companies usually limit training and education to IT employees. One consequence, according to G Data, is insufficient security awareness among many employees.
A lack of IT security expertise is one reason why employees are still a risk to the IT security of German companies. This is according to the employee survey “Cybersecurity in Numbers” by G Data, brand eins and Statista. The study sees companies as being responsible for insufficient skills in this area.
The results of the survey speak a clear language: only three out of five respondents check e-mails for phishing. Only two-thirds lock their workstation computer in their absence. In general, employees also assume that their employer is taking sufficient technical measures to ensure IT security. However, they do not see themselves as responsible.
Training only for IT employees
“This is fatal. Because cybercriminals target employees directly with social engineering and try to gain access to the network in this way,” G Data comments on the study
While more than half of German companies use education and training to increase their staff’s sense of responsibility, almost 46 percent do not offer training for all employees. A third even stated that only IT employees receive training. Security awareness training is also not widely available due to high costs.
“Those who do not educate and train their employees about current cyber threats are making a big mistake,” said Andreas Lüning, co-founder and CEO of G Data. “Company executives must act responsibly and involve all employees in IT security. Even clerks in accounting or human resources are attractive targets for phishing attacks.”