A fifth of businesses lack cyber security training, with almost 20 percent of businesses saying their employees have never had cyber security training.
A study by cyber security specialists Nexor of a thousand business owners also shows that only 5 percent provide cyber security training to employees when they join the company.
This follows a Government report from earlier this year that shows that four in ten businesses and a quarter of charities have experienced cyber security breaches or attacks in the last 12 months.
The government says among the companies that have identified breaches, 27 percent experience them at least once a week.
The most common are phishing attacks and impersonation.
However, the government has admitted 2021 data is lower than 2019 and 2020 data, which is possibly due to more organisations implementing basic cyber security measures following the introduction of the General Data Protection Regulation (GDPR) in 2018
Nexor says that with more businesses operating a hybrid model, effective cyber security training is imperative for all employees in order to keep businesses safe from cyber attacks.
It cited human error as the number one cause for vulnerabilities, and explains that this is why accurate training can help curb the attacks.
This corresponds with an earlier HRreview report, which found employees who lose information in cloud-based technologies are too scared to admit their errors.
Four in ten bosses admit their biggest challenge is ensuring their business is sufficiently protected. A further 23 percent said their main hurdle is knowing where to start, or being able to afford adequate cyber protection.
A payroll software, Ultimate Kronos which was attacked by hackers, is still dealing with the breach, affecting the payment of thousands of salaries.
However, almost two-thirds of employers say they plan to increase their cyber security budget in 2022, with more employees working from home, making this a necessity.
A further one in ten (41%) will be investing in a stand-alone cyber insurance policy over the next 12 months.
Fergus Mathieson, Head of Markets and Propositions at Nexor, said: The biggest cyber security measure entrepreneurs look to implement within their company over the next 12 months is more staff training. Hiring a security consultant, adding extra firewalls, employing higher levels of encryption and making two-factor authentication were also popular answers.
Darren Hockley, MD of eLearning specialist DeltaNet International, adds: “I’m a strong believer that prevention is better than cure. It’s important to embed a strong culture of compliance throughout the organisation, ensuring that staff feel the same sense of ownership for cyber security at home as they do in the office. It’s up to business leaders to continually reinforce this culture by setting the right tone from the top, identifying and managing new risks, and offering ongoing and engaging awareness training on the subject.”