A new report from e2e-assure shows that the majority (76%) of cyber risk owners in healthcare believe that most cyberattacks come through a lack of employee diligence.
According to the report, over a quarter (28%) of healthcare employees admit they are currently disengaged from the training offered by their company.
This comes as the majority (72%) of healthcare organisations said they are concerned about the rise of new technologies such as AI and the threat they could pose to their organisation.
86% of cyber risk owners in healthcare say they’ve worked at an organisation that has experienced a cyberattack, up from 77% last year.
Comparing this year’s findings to e2e-assure’s 2023 research, cyber risk owners in healthcare say resilience is now at the top of their agenda (49%), up from 36% last year, but the findings reveal AI could be about to unravel the years of hard work already spent building it.
While 88% of healthcare cyber risk owners are confident in their AI policies, 50% of healthcare workers are either unsure as to whether their organisation even has AI policies in place (32%) or are unaware of what they are (18%).
With 41% of healthcare workers using ChatGPT or Copilot at least once per week and 41% saying they have personally been a victim of a cyberattack at work, the apparent disconnect around knowledge of AI policies goes some way to explaining why.
Given that employees are often the first line of defence against cyber criminals, education and training are integral for healthcare teams in mitigating the potential impact of breaches, but the research reveals a worrying lack of engagement in the training provided.
More than half (52%) of workers said they are only ‘somewhat engaged’ and over a quarter (28%) are ‘not engaged’ at all.
It’s no surprise, then, that 76% of cyber risk owners in healthcare agree most attacks are due to lack of employee diligence.
This news comes as the UK healthcare sector has faced an onslaught of cyberattacks over the course of the last 12 months, including the ransomware attack on pathology supplier, Synnovis, which led to the cancellation and postponement of thousands of operations across London hospitals.
When healthcare employees were asked about the consequences of falling for a cyberattack, 27% said they receive training and a disciplinary if they cause another breach and a quarter (25%) said they are required to just attend training.
However, nearly a third (32%) of healthcare employees don’t actually know what the associated consequences would be if they caused a cyber breach, further calling into question the efficacy of training provided.
Furthermore, the data showed that healthcare employees are not receiving the style of training that resonates with them.
Employees in this sector are less likely to receive real-life scenario training (38%), despite a huge majority (82%) of workers stating they would be more engaged if they did.