One in four U.S. employees say their company hasn't invested in pandemic-era cyber training

A new study released this week from the cybersecurity vendor SecureAge found that although most companies ramped up defense training amidst the COVID-19 pandemic, some are lagging behind – and many workers don’t feel confident in their employers’ ability to fend off attacks.  

The study, conducted between July and August 2021, surveyed 1,000 U.S.-based respondents, 600 U.K.-based respondents and 300 Japan-based respondents.  

Alarmingly, 40% of U.S. employers said their current company had dealt with a cyber attack in the past – and another 7% were unsure.  

Yet one in four employees in the United States said that to their recollection, their company had not invested in cybersecurity training during the pandemic.  

“The COVID-19 pandemic has been one of the most fundamentally challenging periods ever for businesses and their employees alike,” said Jerry Ray, COO, SecureAge Technology, in a  statement.  

“Unfortunately, these day-to-day challenges have been compounded by a new wave of cybersecurity threats which have resulted in a host of additional threats to businesses and workers,” he continued.   

“This year’s study uncovered several alarming trends on everything from breach success to training failures and pointed to the steps that businesses and employees are taking to build more secure workplaces,” Ray continued.  


Given the effect of the pandemic on cybersecurity – including the strained resources many hospitals faced amidst patient surges and staff shortages – it’s perhaps unsurprising that the majority of companies in the SecureAge study did report adopting new protocols and tools as a result of COVID-19.  

In fact, 83% of U.S. companies said they did so specifically in response to coping with a remote workforce.  

These measures included requiring two-factor authentication, establishing a VPN, adopting data encryption, providing security software to employees and expanding cyber training and education for employees.  

But organizations also reported challenges in doing so. The most common hurdle to implementation involved technical issues, followed by employee reluctance, executive skepticism and a lack of budget.

Still, looking toward the future, the vast majority of respondents said their companies were planning to invest in new and updated cybersecurity technology.  

In the United States, 58% said they would turn to cloud-based software, 48% said they’d use file level encryption and 39% said they’d rely on full disk encryption.  

“Modern cybersecurity depends on agility and sophisticated tech,” said Ray. “Therefore, it’s no surprise that businesses are adopting tools that equip them with the ability to both respond to new threats on the fly and to lock down all the sensitive data they have.”  


Cyber incidents have run rampant across U.S. industries, and health systems have not appeared to enjoy much special treatment from criminals (although some bad actors have claimed otherwise).

But despite the heightened risk attacks on hospitals pose to patient safety, many lag other companies when it comes to cybersecurity ratings.  

Some decision-makers, however, are responding to the heightened risk environment by pouring more resources into defenses.  

“These decisions and associated investments at seven-figures-plus become board-level matters. This is why we’ve seen cybersecurity technology expand at a rapid pace – there is so much need and opportunities for solutions,” said Steve Smerz, chief information security officer at Halo Health, in an interview with Healthcare IT News in September.  


“Building effective cybersecurity defenses requires a robust, forward-thinking strategy that gives businesses the peace of mind that they are ready for whatever threats may lay ahead,” said Ray.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: [email protected]
Healthcare IT News is a HIMSS Media publication.

Source: Read Full Article