Dive Brief:

• Employers generally feel confident that their company and customer data is as secure as possible, according to a Paychex poll of more than 500 small business owners with 500 or fewer staff members. 
• Most respondents said they protect data with policies and training and that their employees recognize the importance of data security.
• More than 1 in 4 businesses, however, said they don't couple those efforts with any data security software. Of those who do use security software, nearly half use on-premise software, while 11% use cloud-based software and 14% use a combination of both.

Dive Insight:

Employers may be on the right track with training: A 2018 report from Willis Towers Watson estimated that 66% of cyber breaches are caused by employee negligence or malfeasance. External threats accounted for only 18%.

Still, less than half of businesses put employees through mandatory, formal cybersecurity training, according to a Mimecast survey of 1,000 workers who use employer-issued devices.

And for training to be effective, it must be paid with awareness and accountability, Tom Pendergast, MediaPRO's now-chief learning officer, previously told HR Dive. "Effective training only happens when an employee is both aware of the consequences their actions can have on the company," he said, "and willing to be held accountable for their part in mitigating risks on a daily basis." Among other things, this means training must be ongoing, tailored to each employer's culture and have branding that keeps it top of mind, experts said.

For many companies, the importance of cybersecurity training has grown, but a lack of talent to fill necessary roles may be making it difficult for business to keep up with demand. According to a report from Burning Glass Technologies, the field's ratio of employed workers to job openings has changed little, even as the number of graduates in the field rose by 40% between 2013 and 2017.