Hardhats vs. Cyber-Hacks: a snapshot of UK local authority staff training habits
With cyber-security threats an ever-growing issue for public and private organisations across the UK, we were curious to find out how local authorities continue to educate staff on both IT security and data protection. To find out more, Citrix recently issued a Freedom of Information (FoI) request issued to 129 local authorities in the UK, with 109 organisations responding.
The request aims to compare the amount of revenue committed to training courses such as health and safety, meditation, working at heights and managing difficult situations, with that spent on protecting data from cyber-attackers like IT security and data protection training.
Interestingly, the new findings suggest an average of £27,818 is now spent by many local authorities on health and safety training – representing nearly double the spend in 2015 (£14,061 per local authority) – compared to an average of just £3,378 being spent on data protection and IT security training courses.
It’s important to stress that these results are not exhaustive and definitive – and merely indicative of what might be. Yet, according to the figures provided, nearly £1.2m has been committed between the councils this fiscal year on health and safety, meditation, working at heights and managing difficult situations training, compared to just £104,711 on IT security and data protection courses.
A majority (86 per cent) of local authorities that responded to our request spent nothing at all on IT security training this year. However, several (24) have stated they provide free ‘e-learning’ or ‘on the job’ data protection and IT security training. This does suggest a possible over-reliance on data protection and IT security e-learning modules, even in today’s evolving threat landscape.
Finally, mobile device usage over the past two fiscal years continues to grow. An average of 714 smart devices per local authority – such as smartphones and tablets – have been issued to staff, totaling more than 56,000 overall. However, responses confirmed that 39.6 per cent of all these devices aren’t protected by enterprise mobility management software.
Of course, a broad scope of training is vital in today’s work environment. And we commend local authorities for arming their employees with these additional skills, as well as seeking to improve their work / life balance through issuing smart devices and committing to a well-rounded programme of training courses.
However, cyber threats continue to be more prolific and advanced today than ever before. As ransomware, malware and other threats continue to emerge and evolve – coupled with the risk of penalties of up-to £500,000 for data-breaches – it is crucial that employees know how to keep information secure from external threats.
With the stakes so high, councils must ensure that staff understand the importance of data protection in the growing threat landscape.
Citrix issued a Freedom of Information (FoI) request to 129 local authorities across the UK in August 2016, asking each one:
- Over the past two years, how much budget has been spent on the below training programmes (please detail how much spent in each fiscal year)?
- Mindfulness / meditation
- Health and safety
- Data protection
- IT security
- Over the past two years, how many smart devices has your local authority issued to staff (please detail how much spent in each fiscal year)?
- How many of these devices are protected by mobile enterprise software?
109 of the 129 local authorities which received these questions responded.