Why Train Employees in Cyber Security?
Cyber security is often an afterthought for businesses, and this can be detrimental. Many companies don’t provide cyber security awareness training to employees, nor technical training to their IT teams. Those that do rarely follow up on that training.
Cyber security is a hot topic in politics, in business and in our personal lives. We hear about more and more cyber-attacks and breaches each day, and with the rise of Ransomware-as-a-Service, DDoS-as-a-Service, etc., these attacks will most likely only increase.
Per Fortune Magazine, cyber-attacks cost companies $400 billion annually. Furthermore, a recent study by Hewlett-Packard found that a cyber-attack on a company in the United States costs $15.4 million on average, so it’s easy to see that a single cyber-attack can cost an enterprise company millions and could devastate a small business.
Financial costs aside, security breaches can also cost a company business. In a survey conducted by OnePoll (as reported by CSO Online), 86.55 percent of 2,000 respondents stated that they were “not at all likely” or “not very likely” to do business with an organization that had suffered a data breach involving credit or debit card details. Beyond the loss of customer trust, a cyber-attack could also lessen trust between partner companies.
Knowing all of this, why are businesses so unlikely to train employees in cyber security?
Why don’t businesses train employees in cyber security?
As Tom DeSot, of Dark Reading, so eloquently says, “Sadly, the most common and detrimental thing that many companies are doing wrong when it comes to training employees on cyber security is a big one: they aren’t doing it all.” Why is this?
Too small to be targeted
For small businesses, a frequent reason for not investing in cyber security in general (let alone training employees) is that they think they’re too small to be targeted. However, according to Cyber Insurance’s Enterprise Lead Timothy Francis, 62% of cyber breach victims are small and medium-sized businesses (SMBs). Not only that, but the U.S. National Cyber Security Alliance has reported that 60% of small businesses go out of business within 6 months of a cyber-attack.
Hackers rarely spend time outlining their ideal malware victims; it’s often a numbers game. Individuals get hacked, enterprise businesses get hacked and, yes, small and medium-sized businesses get hacked.
Don’t have the time
Some companies claim not to have the time. This justification can be easily broken down with a little logic. Think about the case of ransomware. A single opened attachment from a phishing email could infect a company’s entire network. If that happened, the company’s critical files would be encrypted or destroyed. This could halt business for days or longer. Even in a smaller case, say 48 hours, that is 16 business hours lost companywide!
When considering cases of this type, it becomes apparent that allowing employees to spend a few hours per month on cyber security training is worth the time, and could save whole days of time in the long run. To illustrate the realism of my logic: according to Osterman Research, Inc., nearly 50% of businesses experienced a ransomware attack in 2016.
Faith in technology
The last of the popular reasons companies forgo training employees in cyber security is that they rely solely on cyber security architecture, software, and firewalls. Companies that invest heavily in IT tend to allocate budget towards cybersecurity tools and technologies rather than investing in their teams. As Harvard Business Review recently put it, “The danger is in thinking that these risks can be perfectly ‘managed’ through some sort of comprehensive defense system. It’s better to assume your defenses will be breached and to train your people in what to do when that happens. Instead of ‘risk management,’ we propose thinking of it as ‘risk agility’.”
Benefits of training employees in cyber security
At this point, I hope you’re convinced and already have plans to start researching cyber security training options for your employees. But, in case I haven’t convinced you yet, here are some ways training employees in cyber security will benefit your workforce, from a previous blog of mine:
- The most obvious advantage to training your employees up is that you know them! You should have a pretty good idea of their strengths, weaknesses, and potential. As Sinclair Schuller said (in the same interview linked above) “…the value of training your own talent is that you can shape and mold the employee for your unique culture and environment.”
- Another perk is that it typically costs less. Without recruitment costs, and with lower risk of turnover and likely lower salary expectations, internal promotions usually require less training than hire-ins and cost less overall.
- Additionally, and specific to cyber security, given the continual advancements by hackers and cyber attackers, your employees will require continual training to keep up with industry methodology, tools and trends whether you hire in or train up. So if you possess motivated, intelligent talent with minimal understanding, it may be well worth training them to meet the standards of the industry today.
- As for training IT staff in cybersecurity skill sets, they should already have a deep understanding of your network and environments, giving them a competitive edge against those who may know cyber security methodologies but lack experience with your specific environment, systems, and tools.
To say it simply, as the National Cybersecurity Institute puts it, “Not enough people are already skilled in cyber security, so companies need to invest in training.” It’s imperative that you train your workforce in cyber security to safeguard your company and boost the morale of your employees. Remember to have clear policies for engaging in follow-up training regularly.
CyberTraining 365 is an online academy that offers nearly 1,000 hours of relevant and cutting-edge cyber security training. Our training provides the most in-demand industry certification prep courses, including EC-Council, CompTIA, (ISC)2 and Cisco, all taught by leading cyber security experts. All of our offerings are aligned with the National Initiative for Cybersecurity Education (NICE) and ensure the most up-to-date information for this constantly shifting field. With engaging content in a scenario-based format, CyberTraining 365 uses a bite-sized micro-learning methodology that ensures learners are not overwhelmed with information. The On Demand LMS platform has white-label capabilities ideal for internal training purposes.