Only 12% of companies believe their IT training strategy is very effective, according to research by New Horizons.
Staff training (or lack thereof) has long been recognised as a problem for cybersecurity, with employee error playing a role in the vast majority of data breaches. The report, based on a survey of hundreds of companies, looked into the top priorities and challenges affecting IT training.
Participants told New Horizons that cybersecurity was their top priority for 2018. At the same time, approximately one third told the company that cybersecurity implementation was their top IT challenge.
The main problem appears to be that appropriate training for companies’ specific needs is difficult to find: only 11% believe that their IT requirements and the training available are well-aligned.
Other problems raised include cost (which over 60% of participants said was the top challenge when it came to IT training), the investment of time required, and the difficulty of selecting training. The majority of companies said that they preferred to outsource IT training rather than create their own education programs, which may be part of the reason they’re struggling to find training which matches their exact requirements.
New Horizons’ report is primarily interested in training undergone by IT staff, rather than training provided to all employees. So there’s a bit of a catch 22 here – if ensuring IT staff have the necessary cybersecurity expertise in the first place is a problem, how can they be expected to protect the rest of the business?
Worryingly, despite cost being such a major factor when it comes to training (and for IT teams in general), the vast majority of companies surveyed said that their IT budget was not expected to increase. 15% said that if anything, their funding was expected to shrink.
Given the rising cost of a data breach, that statistic indicates that C-level executives are still failing to take cybersecurity seriously. But that’s been the case for such a long time that we perhaps have to wonder – is C-level obstinacy really the sole problem, or do IT teams need to take some measure of responsibility for driving the company’s cybersecurity strategy?
As IT staff will know all too well, getting technical information through to non-technical staff can be a challenge. So for something as important as cybersecurity, and when issues of budget are at play, it’s vital that senior management and board-level executives are presented information on the risks and opportunities in a way that they’re able to understand.
“Business technology is evolving fast, and companies need well-trained employees if they want to stay ahead of the curve,” said Mark Tucker, VP of Marketing at New Horizons. “Investing in IT training is one of the best ways to ensure your company stays knowledgeable, relevant and competitive for years to come.”
That’s the message IT teams need to be getting across to the company’s budget and policy decision-makers, in terms as straightforward and business-oriented as possible. Doing so will be key to securing the funding cited by so many as their chief barrier.