A people-first approach to tackle cybersecurity is the call from SASIG, The Security Awareness Special Interest Group. The group points to the recent findings from the UK Government Cyber Security Breaches Survey 2022. That identified a lack of investment in staff training and supply chain safeguarding when mitigating cyberattacks.
The survey findings identified limited board understanding of cybersecurity which meant the risk was often passed on to outsourced cyber providers. Findings showed that small, medium and large businesses outsource their IT and cybersecurity to an external supplier 58 per cent, 55pc, and 60pc of the time respectively. However, only 13pc of businesses assessed the risks posed by their immediate suppliers, with organisations saying that cybersecurity was not an important factor in the procurement process.
Highlighting the need for a more people-focused strategy for tackling cyber security issues, the survey found that under one in five businesses (17pc) and charities (19pc) provided training or awareness-raising sessions specifically for those not directly involved in cyber. The findings did state that relevant training and awareness-raising sessions are more commonplace in larger organisations with 61pc of businesses and 64pc of charities with an income of £5m saying they have offered this training in the past 12 months, however, in both micro/small businesses and charities with an income below £100k, the figure dropped to just 16pc.
Martin Smith MBE, pictured, is Founder and Chairman of The SASIG. He said: “As with any area of business, to achieve real success with a cybersecurity strategy businesses must always take a people-first approach. Having a robust cybersecurity policy in place is one thing but having a real understanding of how to implement this, as well as clear processes for tackling a cyber attack must always be company-wide to have any real impact and long-term benefits.
“The results of the Government’s latest Cyber Security Breaches Survey point to under-investment in meaningful staff training and awareness-raising, as well as a failure to safeguard companies from threats posed by their supply chains. A people-first approach to cybersecurity and protection against cyberattacks that includes regular training, information sharing and awareness-raising, as well as regularly reviewing the risk from suppliers is key to the ongoing protection of every company’s operational and financial performance.”
‘The human factor and cybersecurity’ workshop will feature at Big SASIG, a one-day cyber security conference run by The SASIG on Wednesday May 25. It runs at 155 Bishopsgate, London, EC2M 3YD.
There is no charge to attend – to register as a Big SASIG delegate, visit https://bigsasig.com.
