Two-thirds of UK firms ignoring information security training

Survey also shows 50% of businesses think data loss would have little effect

Two-thirds of Britain’s small businesses provide little or no data security training for their staff, according to a new survey.

The study from Shred-it, based on responses from 1,000 small to medium-sized firms, found that 30% of companies never train their staff in the policies and risks associated with information security.

A further 38% of companies provide nothing more than token tuition – offering ineffective one-off courses rather than a concerted training programme.

It appears the paucity of training stems from a general complacency towards data security issues; half the study’s respondents said their business would not suffer at all if its data was lost or stolen.

Last year the government announced a major clampdown on such complacency, introducing a maximum penalty of £500,000 for companies which fail to impose adequate data protection procedures. However, just 4% of the Shred-it survey’s respondents said they had changed their approach to information management as a result of this new legislation.

Phil Orford, chief executive of the Forum of Private Business, said:  “It’s time companies got wise to the seriousness of data theft and the importance of protecting their information. Quite apart from the implications for the commercial viability of a business, failing to secure data properly could lead to a potentially huge fine.

“It might be tempting to push issues like this under the carpet but that would be a grave mistake – and there is support, advice and guidance available to make sure you are fully secure and protected. Use it.”


Building a website for your business idea is easier than you might think. Our online tool ranks the top website builders that offer free trials.


(will not be published)