A survey by Tanium has found that IT security professionals in the UK attribute 64% of avoidable cyber attacks to human error, which usually involves falling for phishing attacks. More than half of the respondents said that loss of productivity would be their main concern following a cyber attack.

“The largest number of survey respondents (56 percent) speculate that ‘loss of productivity’ would have the biggest post-breach impact, followed by ‘loss of clients and/or revenue’ (52 percent),” the researchers say. “However, it’s worth noting that these two answers have a mutual association – downtime. Following two years of pandemic disruption, organisations are naturally sensitive to anything that interferes with business as usual.”

The survey also found that the majority of respondents believe that spending money on security defenses is cheaper than sustaining a cyberattack.

“Forward-thinking organisations will already be acting to pay down the technical debt of their legacy systems,” the researchers write. “85% of security pros in our survey admit that ‘it costs more to recover from a cybersecurity incident than to prevent one.’”

Tanium concludes that organizations should invest in a defense-in-depth strategy that includes employee training.

“These statistics highlight that there is ample scope for cyber teams to make improvements in many areas that are under their influence and control,” the researchers write. “As an illustration, almost half of the organisations surveyed (43 percent) said they intend to invest more in ‘employee awareness training.’ This prevention-first approach is one way to reduce vulnerabilities that are often caused by human error or lack of education on cyber matters.”

New-school security awareness training can give your organization an essential layer of defense by teaching your employees to recognize and thwart social engineering attacks.

CIO has the story.