Research from ramsac, a leading cybersecurity support firm, has found that 1 in 3 UK adults (32%) couldn’t pass a cybersecurity test for 11-year-olds. By posing five simple questions that are part of the UK’s curriculum for 11-14-year-olds to professionals accessing an IT website, typically decision makers in an organisation looking for IT services, we found that 32% of respondents were unable to answer correctly. ramsac then collated and analysed the results to understand where the gaps exist in our human firewall, a term used to describe the human aspect of cybersecurity.
Interestingly, more than 1 in 5 (21%) got the question on what helps to safeguard against phishing wrong, showing a clear gap in our understanding of our responsibility to prevent cyberattacks. Considering that the government’s Cyber Breaches Survey in 2024 showed that the most common type of breach or attack is phishing (84% of businesses and 83% of charities), it’s concerning that professionals were most likely to get this question wrong.
Overall, the data shows that professionals’ largest knowledge gap is around malware (14.92%), with respondents more likely to get malware-related questions wrong than phishing-related questions (13.31%) or cybersecurity awareness questions (6.85%). As one person can cause an organisation to fall victim to a cybersecurity breach, these high percentages show how vulnerable many organisations are.
Rob May, Founder and Executive Chairman of ramsac, said of these findings: “It’s deeply concerning that so many UK adults are less cyber-savvy than an 11-year-old. The basics of cybersecurity – like recognising phishing attempts or knowing not to trust an unknown USB stick – aren’t just technical details; they’re essential life skills in our digital world. In the same way we teach children to look both ways before crossing the road, we must instil a sense of cyber awareness in everyone. At ramsac, we see first-hand how even the most basic gaps in understanding can lead to costly breaches. This isn’t just an IT issue; it’s about keeping individuals and organisations safe in an increasingly connected world.”
In an age where data breaches and hacks are becoming all the more prevalent, it’s essential that everyone with access to the internet is aware of how to prevent and spot cyberattacks. Professionals, who often have access to greater funds and potentially valuable and sensitive company information, aren’t exempt from this, and regular cybersecurity training and reminders are essential to protect them and their employer from cyber threats.
To help form a stronger human firewall, businesses need to:
- Invest in regular cybersecurity training and testing: Having a policy document that’s read once isn’t going to cut it. Instead, businesses need to provide regular cybersecurity training that ensures people can accurately identify and respond to a wide variety of threats. Phishing simulation tests can be a fantastic way to mimic real-world scenarios and help you spot weaknesses in your human firewall.
- Encourage open communication around cybersecurity: Companies that encourage people to ask questions and challenge anything suspicious without fear will be more resilient when it comes to potential cyberattacks.
- Carry out regular patching and updates: One of the things that your IT team can do is to ensure patches and updates are tested and applied regularly. This helps to reduce the risk of known vulnerabilities in systems being exploited.