Some two-thirds of UK employees have a low level of understanding of information security risks and fail to use procedures they have been taught in training, according to research by risk consultancy Protiviti.
The survey of senior information security and risk professionals also found that nearly three-quarters thought employees had a poor understanding of the positive role they could play in reducing security risks, and a majority (57%) said they had noticed no change in employee behaviour after employees completed security awareness training.
Ryan Rubin, director at Protiviti UK, said: “Information security training needs to be more focused on employees’ roles and the consequences of information security breaches and less on the basic mechanics of security.”
A separate survey of employees carried out by Protiviti found that after completing security training, 55% of employees believed they had become more careful about where they leave laptops, phones or USBs.
Sally Percy is editor of The Treasurer