Study: Firms failing to train staff on data security

More than half of organisations are failing to train their employees on how to manage sensitive data putting their customers' security at risk, according to the latest research by ARMA International.

The survey, which sought the views of more than 500 IT and HR professionals, found that 45 per cent of companies do not provide formal training to staff on handling corporate records and information and 46 per cent have no plans to introduce any such training in the near future. The report also reveals that almost a third (31 per cent) of businesses choose not to train their employees specifically around the security of data.

“The fact that so many organisations do not formally train all their workers on managing records and information - including the handling of sensitive data - indicates that too many top executives don't fully comprehend the risk,” said Marilyn Bier, international executive director for ARMA International. “Information is a critical corporate asset. It's also a major risk area. That realisation must start at the top.”

According to Bier, companies have a responsibility to train every single member of staff in order to stress the importance of information security. “The failure to institutionalise data management training leaves an organisation vulnerable,” she said. “Policies alone are not enough. Each employee needs to understand why data protection is important to continued operation and the risks if it’s not done well.”

Sign up to our newsletters