Managers in UK organizations are getting better at understanding online safety best practice, but their skills are not necessarily matched by other employees, a new study has found.
The Chartered Management Institute (CMI) surveyed 1000 managers in March for its latest Managers Voice Pulse Point Poll.
It revealed that 93% now claim to have an “intermediate” or “advanced” understanding of online safety practices, such as using strong passwords and avoiding phishing scams. That’s up four percentage points from a year ago.
However, only 59% claimed that their organization offers regular cybersecurity training to all employees. By contrast, 79% of managers said they’ve participated in cybersecurity training or awareness programmes in the past year.
This matters, because it theoretically takes just one misplaced click on a phishing link or approval of a money transfer request to land the entire organization in trouble.
Read more on managers: Two in Five IT Security Managers Considering Quitting Their Jobs.
Most (92%) respondents agreed that employers have a responsibility to improve the digital skills of their staff.
Yet even though they’re improving in terms of cybersecurity awareness, the vast majority (80%) of managers surveyed also admitted their own digital skills still need enhancing.
“While it’s encouraging to see a rise in cybersecurity awareness, much work remains,” argued CMI policy director, Anthony Painter.
“Employees are the first line of defense and organizations must invest in upskilling their teams to create a resilient workforce. As we face growing digital challenges, [such as] access to emerging technologies, our biggest assets remain our people and their continuous development.”
The findings come amid growing concern over the cyber-resilience of public sector organizations following high-profile breaches at the Electoral Commission, the UK Ministry of Defence and in the NHS supply chain.
Some 85% of respondents said they’re concerned about mounting cyber threats, according to the CMI.
“Cybersecurity breaches and attacks are not just common; they are disrupting critical public services that millions of UK citizens rely on,” said Painter. “Leaders in our public sector have a crucial role in addressing these threats to safeguard essential services.”
A majority of respondents said that their organization deploys software and system updates (78%), enhanced access controls such as multifactor authentication (66%), and file-sharing solutions with restricted access (65%).