Login Register Subscribe
Current Issue

Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Despite data breaches, many employers skip cyber risk training

Reprints

Although more than half of respondents say their organization has had a data breach caused by a malicious or negligent employee, less than half make data protection and privacy training mandatory, according to a survey report issued Monday by the Ponemon Institute L.L.C.

The survey of 601 respondents, which was conducted in April, found that while 55% believe their organization has had such a security breach, just 45% make training mandatory for employees.

And even when mandatory, 29% of respondents say their CEO or C-suite executives are not required to take the course, according to the survey by the Traverse City, Michigan-based data security research firm.

“Managing Insider Risk through Training & Culture” was sponsored by Experian Data Breach Resolution, a unit of Costa Mesa, California-based Experian Information Solutions Inc.

The report says also even when there is training, there are “critical areas that are often ignored.” A total of 49%, for instance, say the course includes phishing and social engineering attacks, while 36% say it includes mobile device security and 29% say the course includes the secure use of cloud services.

In addition, 67% of respondents say their organizations do not provide incentives to employees for being proactive in protecting sensitive information or reporting potential issues, among other survey findings.