Firms often overlook IT security education for employees

by CXOtoday News Desk    Sep 23, 2013


Effective IT security training for employees is a prerequisite for combating cyber threats. However, a recent report by security firm Kaspersky Lab suggests that most organizations do not pay attention to this aspect. Over 60% of companies assign their own tech support department to train company employees in matters of IT security, rather than hiring outside IT consultants or security professionals, according to Kaspersky Lab’s Global Corporate IT Security Risks 2013 survey.

According to Kaspersky, most companies believe that an organization’s in-house IT Department should train company employees in IT security matters — even though staff education is not one of the key functions of an IT Department. However, respondents noted that IT Departments have other important tasks and typically do not have time to educate their co-workers. Obviously, this can have a negative impact on the quality of training.

A better outcome can be delivered by commissioning a third-party IT consultant with the requisite training expertise. However, only 12% of respondents reported having done so, as per the study.

The HR Department is involved in employee training at 8% of the companies that took part in the survey. A similar number of companies delegate this matter to an Employee Training and Development Department. Roughly 3% of respondents reported that they commission an outside corporate training provider.

In general, the importance of employee education in IT security is acknowledged by the overwhelming majority of companies: only four percent of survey respondents stated that their companies do not train their staff in IT security at all. However, the quality of corporate education is open to question; after all, employee awareness about cyber threats has a direct impact on the extent to which a company’s IT security policies are followed and, as a result, on the overall degree to which a company is protected against cyber threats.

Presently, the extent to which policies are being enforced is relatively low, with approximately 39% of survey participants indicating that company employees do not always respect or diligently adhere to corporate IT security rules.

Incidentally, no matter how alert and well-informed the staff, the risk of a successful cyber-attack against a company remains high, and the use of advanced corporate IT infrastructure security solutions is critical.