Canada is paying more than the global average for data breaches, according to an IBM report. From March 2021-March 2022, 25 Canadian companies paid an average of $7 million in recovery costs per incident, compared to the global average of $5.5 million.
Those facts alone should be enough to convince you that cybersecurity awareness training is important for data protection.
According to the Insurance Bureau of Canada’s (IBC) inaugural Cyber Savvy Report Card, only 34 percent of small and medium-sized business (those with fewer than 500 people) employees said they get mandatory cybersecurity awareness training.
As part of the report card, IBC identified multiple worker behaviours that could make data more susceptible to cyber criminals:
- 27 percent of respondents use just one password to access multiple websites they use for work
- 23 percent access public Wi-Fi from their work computer
- 19 percent download software/apps on their work devices that weren’t provided by their employer
- 7 percent allow friends and family to share their work computer
- 5 percent share their work login credentials by email or text
Per the report, 72 percent of employees said they’re guilty of at least one of these behaviours.
If you’re not yet sold on the idea that you need to implement cybersecurity training in your workplace we have a few more reasons that may make you reconsider.
1. Prevent data breaches and phishing attacks
Information security awareness training helps prevent breaches.
Of course, it’s challenging to estimate how many breaches a security awareness training programme stops.
What we can do is show the security awareness software’s return on investment (ROI). How? Through a comparison of the number of events amongst cyber security awareness campaigns. The measurements that are produced can be utilized to determine ROI.
However, we don’t even need to do the arithmetic to tell you that while security awareness training is relatively inexpensive, data breaches can cost millions of dollars. So, in reality, cybersecurity awareness training doesn’t require much to yield significant benefits.
2. Build a culture of security
Developing a culture of security has long been seen as the holy grail, but that goal is notoriously hard to achieve.
With the help of cybersecurity awareness training, more organizations are heading in the right direction.
Training that covers situational awareness (why someone might be at risk) plus work and home-life benefits is a good way to bring people on board.
3. Make technological defences against cyber threats more robust
Technological defences are a great weapon in preventing breaches. But technological defences require input from your team.
Firewalls need to be turned on. Security warnings need to be acknowledged. The software needs to be updated.
Attackers today rarely bother trying to attack businesses through technological means only. Today’s attackers typically target people, as they are seen as an easy way into protected networks.
4. Give your customers confidence
In today’s world, your customers are aware of cyber threats. And, as customers, they want to feel safe and secure. They are giving you their information and expect you to handle it with care.
That means a business that takes measures to improve cybersecurity will generate consumer trust. And we all know that a trusted business breeds customer loyalty.
According to a new ISACA study, nearly 1 in 3 consumers stopped doing business with a company known to have compromised cybersecurity!
Compromised endpoint security, phishing attacks, social engineering and data breach are common security incidents that could raise red flags in the mind of the consumer.
Clearly, customers pay attention to security credentials. When you introduce cyber security awareness training, your customers see you as more responsible, which can only benefit your business.
5. For compliance
More and more regulators are demanding specific industries implement cybersecurity awareness training.
The Canadian government has even started an online cybersecurity campaign during the month of October.
6. Be socially responsible as a business
As we have seen in the past year cyberattacks can spread quickly.
The more networks that become infected, the more at-risk other networks become. And one network’s weakness increases the overall threat to others.
That means the absence of cybersecurity awareness training in one organization makes other organizations vulnerable. It’s a little like leaving your house door unlocked – with the keys to your neighbour’s place inside.
7. Improve employee wellbeing
Happy employees are productive.
So, it’s worth remembering that cybersecurity awareness training doesn’t just keep people safe at work. It keeps them safe from cyber security threats, phishing and social engineering in their personal life too.
Cybersecurity training isn’t just an employer benefit. It’s an employee benefit, too.
Join our webinar!
Have you registered for our Cybersecurity Awareness Training webinar? It’s not too late!
Sign up today and get advice from experts in the field!