New study finds loads of outdated cyber-security training in UK

Cyber-security training at many UK organisations has failed to keep up with the times.

According to research from AXELOS, 82 percent of companies in the UK are using traditional learning methods that include information security training on computers and e-learning. Less than a third use newer methods such as animations, games and simulations.

Less than half (46 percent) of leaders in charge of training at organisations provide learning opportunities beyond staff sessions and an annual refresher course.

Despite almost all (99 percent) of senior manager respondents saying that they believed cyber-security training was essential to preventing breaches, less than half (47 percent) were amending their training to suit the jobs that people did.

Nick Wilding, head of cyber-resilience best practice at AXELOS said, “Organisations are still trusting in their annual, cyber awareness e-learning. To expect this approach to influence resilient behaviours is unrealistic. It risks leaving staff ill-prepared and unaware of the practical things they can do more effectively to manage the daily risks they face. We need a new approach.”