Two-thirds of UK firms ignoring information security training
Survey also shows 50% of businesses think data loss would have little effect
Two-thirds of Britain’s small businesses provide little or no data security training for their staff, according to a new survey.
The study from Shred-it, based on responses from 1,000 small to medium-sized firms, found that 30% of companies never train their staff in the policies and risks associated with information security.
A further 38% of companies provide nothing more than token tuition – offering ineffective one-off courses rather than a concerted training programme.
It appears the paucity of training stems from a general complacency towards data security issues; half the study’s respondents said their business would not suffer at all if its data was lost or stolen.
Last year the government announced a major clampdown on such complacency, introducing a maximum penalty of £500,000 for companies which fail to impose adequate data protection procedures. However, just 4% of the Shred-it survey’s respondents said they had changed their approach to information management as a result of this new legislation.
Phil Orford, chief executive of the Forum of Private Business, said: “It’s time companies got wise to the seriousness of data theft and the importance of protecting their information. Quite apart from the implications for the commercial viability of a business, failing to secure data properly could lead to a potentially huge fine.
“It might be tempting to push issues like this under the carpet but that would be a grave mistake – and there is support, advice and guidance available to make sure you are fully secure and protected. Use it.”