Why companies must focus on the human side of cyber security to combat threats

Whether through a malicious cyber-attack or an accidental leak, a single security incident can have a devastating impact on an organisation, potentially disrupting operations, damaging customer trust and causing shares to freefall. Cleaning up a data breach can also be an expensive, resource-heavy affair, and firms that are found to be negligent can face eye-wateringly large fines under GDPR. In July, the Information Commissioner’s Office handed British Airways and Marriott International fines of £183.39m and £99.2m respectively.

However, while more businesses are now taking these threats seriously, many are unable to find staff with the essential cyber skills needed to prevent and mitigate security incidents.

The growing skills gap

A 2018 government audit commissioned by the Department for Digital, Culture, Media and Sport (DDCMS) and carried out by Ipsos Mori found that the majority of UK organisations are struggling with a lack of access to essential security skills.

The audit estimated that of the UK’s roughly 1.32m businesses, 710,000 were suffering from a gap in basic technical security skills, while 407,000 had a gap in high-level skills. Forensic analysis, pen testing and risk assessment were the tasks that organisations were most likely to lack the in-house skills to perform.

Skyrocketing demand and a shortfall of new entrants into the field have contributed to a global security skills shortage that has significantly increased the time and cost involved in recruiting and retaining experienced cyber professionals. Vital positions can often take several months to fill, leaving companies exposed to an increased level of security risk.

Developing skills internally

As companies continue to search the dwindling supply of available security professionals to plug their skills gaps, they should also be looking inwards at their existing IT personnel.

Your internal IT experts are ideally placed to tackle many security issues thanks to their deep familiarity with your systems and processes. Indeed, the DDCMS audit found that the majority of companies cover cyber needs informally, with less than half having security duties officially written into a job description.

However, with cyber-attacks becoming both more frequent and more sophisticated, informal multiskilling is not enough to protect your company’s vital systems and sensitive data from attack. It’s increasingly important that teams are equipped with proper, in-depth training to help them identify potential risks and respond quickly in an emergency.

But with personnel already busy with their ordinary duties, it is vital that training is delivered in a way that won’t detract from the completion of essential IT activities. With time of the essence, training and development efforts need to be focused on providing the most important skills for your organisation.

Our Cyber Security Training Design and Development services can craft a bespoke training experience that is tailored to the specific needs of you and your personnel. Get in touch with our team now to find out how we can help bolster your access to critical cyber skills.