Your Biggest Cybersecurity Risks? Low Priorities, Lack of Employee Training

Your Biggest Cybersecurity Risks? Low Priorities, Lack of Employee Training

Cyber attacks have been getting plenty of attention, especially in recent years with major companies and institutions like Delta, Yahoo, and the DNC having their names added to the list of victims. It’s easy to turn the focus to the threat outside of your building, as it should be.

But just as you’re responsible for protecting your home with proper security measures (like locking the front door, closing the windows, etc.) – your management team and employees should take part in the right measures to prevent cyberattacks from occurring. According to a recent study, that’s where significant problems can be traced. When it comes to data breaches, the main culprit involved is human error instead of technological issues.

The Information Systems Security Association (ISSA) and Enterprise Strategy Group (ESG) recently released a report that included a survey of 437 information security experts and ISSA members. More than half of the experts surveyed said their companies had experienced at least one security incident.

The findings concluded that many cybersecurity risks were a result of lack of employee training, insufficient numbers of cybersecurity experts, and low boardroom prioritization.

More specifically, 31 percent said that their cybersecurity team was not large enough, about 25 percent said that employee training was inadequate to prevent cyberattacks, and 21 percent said that executive management did not make cybersecurity a high priority.

An ESG executive said the findings constitute an existential threat. “How can we expect cybersecurity professionals to mitigate risk and stay ahead of cyber threats when they are understaffed, underskilled, and burned-out?,” said Jon Oltsik, senior principal analyst for ESG.


In addition to beefing up employee training, it’s important to keep these cybersecurity measures in mind, as outlined by the cyber risk consultant group TSC Advantage:

  • Regularly check for gaps by performing penetration tests, vulnerability scans and security assessments.
  • Be ready by having a business continuity plan in place in the event of a cyberattack.
  • Prioritize your critical assets, and take extra measures to secure them.

About Tony Johnson

Innovative helps you balance your business requirements, service levels, staff and infrastructure to make your IT as effective as possible. Tony Johnson is Vice President of Operations at Innovative and has been helping clients optimize their IT spend and operations since 1983.


  • Scott says:

    Tony, excellent quick read, thanks. Here’s a follow up, how are companies determining that their cybersec team isn’t large enough? How big should that team be? And how can Innovative Integration help? Also, do you guys offer training as an outsourced component for this / employee education?

    • Tony Johnson says:

      Thanks for the feedback Scott. In general it is difficult to throw out sizing without a deep dive into business needs. I do realize that is the typical IT answer of it depends. Innovative offers consulting services and end user security awareness training (via a partner firm). How can we help you?

Leave a Reply

Innovative Integration can help you optimize your IT infrastructure. Request a Consultation