IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
Spike in demand for cybersecurity training amid skills shortage
Tue, 4th Oct 2022
FYI, this story is more than a year old

Research into Google’s online search habits for cybersecurity training for employees has risen significantly over the past four years, according to the latest analysis by global compliance eLearning provider, DeltaNet International. 

Searches online for ‘cybersecurity training for employees’ have risen 114% over the past four years. 

As a result, DeltaNet says organisations are taking a step in the right direction to improve their cybersecurity compliance across their workforce. Further data revealed a significant increase for ‘cybersecurity awareness training’ of 66% in the same period.  

The surge in demand for cybersecurity awareness training comes amid continuous shortages for cybersecurity skills, suggesting employers are looking to their entire workforce to be more cyber aware to reduce the likelihood of cyber attacks. Research into the UK cybersecurity labour market revealed that half (51%) of all private sector businesses identify a basic technical cyber security skills gap, accounting for around 697,000 businesses. 

According to recent findings by Interisle, phishing attacks have increased by 61% in the past year to more than one million attacks. With the rise of phishing attacks, it is no surprise that searches related to ‘phishing awareness training for employees’ have grown 72% over the past four years. However, it’s also interesting that searches around ‘phishing simulation for employees’ surged by 62% in the same period. This shows that organisations recognise the importance of educating employees on phishing attacks and testing them to ensure they have understood the training. 

Worryingly, IBM’s recent cost of a data breach report revealed the global average cost of a data breach increased to USD$4.35 million in 2022, an increase of 2.6% from 2021. The cost of non-compliance and falling victim to data breaches is too expensive, especially with the report revealing that human errors were responsible for 21% of breaches. 

“While training is certainly not a replacement for skilled cybersecurity professionals, these statistics highlight the need for improving general cybersecurity awareness training among employees," says Jason Stirland, CTO at DeltaNet International.

"Organisations cannot just rely on cybersecurity professionals to safeguard the businesses’ infrastructure and protect their data. Training employees is a step in the right direction, but the job is nowhere near done," he says. 

"For example, testing employees with phishing simulation messages are integral to the learning process. As a result, IT and HR teams can understand which employees might be a higher risk and therefore require further training and support."

According to Stirland, employees across the board – from HR to finance – access critical data, so training everyone in the business on cybersecurity awareness issues, from understanding how to spot phishing attempts to preventing data breaches, is vital. 

"Cybersecurity is not just an issue for the IT and security teams in organisations; it’s an HR issue," he says. 

"Educating employees on cybersecurity awareness training should be refreshed yearly as part of an organisation’s compliance training program and shouldn’t wait until a data breach has occurred."

Research from the World Economic Forum revealed that 59% of cyber leaders said they would find it challenging to respond to a cybersecurity incident due to the skills shortage within their team. With the cybersecurity skills gap, organisations will remain at risk in protecting their infrastructures.  

“While businesses should have robust security systems in place, a compliant culture should exist throughout the company to reduce risk," says Stirland. 

"In addition, cybersecurity requires accountability from all employees, and the workers will only understand this if they are trained on its importance and know how to act. 

“Over the past year, organisations across the globe have been dealing with employees returning to the workplace, navigating office-based, remote and hybrid workers," he says. 

"Unfortunately, many businesses forget the importance of training their hybrid and remote workers about cybersecurity best practices – weakening the organisation’s resilience to any security breaches. 

"IT and HR professionals should identify any skills gaps in the organisation and ensure all employees understand their role in safeguarding the organisation’s infrastructure and protecting its data.”