Make sense of cyber security: how to protect your business

Cyber security is a real and current threat to businesses in all sectors and sizes.

In April this year, Government revealed half of UK firms were hacked in the past year. Then just a few weeks ago their businesses experienced the global wakeup call with the NHS cyber attacks. As we’ve seen, the long-lasting effects of these breaches cost businesses reputations, time and money, with the global cost predicted to reach £4.9 trillion annually by 2021.

Hackers are the biggest threat to modern day businesses, but recent research from Firebrand Training confirmed how cyber security has been a low priority for businesses. Amongst the list of safety and security procedures businesses carry out, cyber security has been a low priority, with UK businesses carrying out routine fire drills twice as often as all-staff cyber drills, despite the threat being 125 times greater.

What is even more concerning is one in 10 businesses don’t know if they train any members of staff in cyber-security at all, meaning almost half a million businesses (495,000) could be left vulnerable. So who is responsible for putting a strategy in place and how do they go about implementing it?

The responsibility of protecting the business spreads across all departments, from finance teams in charge of budgets and HR managers in charge of training and recruitment. But where do you begin?

Do your research

With a new headline almost every week on cyber security hacks across all sectors, now is the time to research on upcoming legislation or advice which relates or impacts your business. One of the buzz words around data and privacy at the moment is the EU’s General Data Protection Regulation (GDPR). In May 2018, the EU is set to overhaul the relationship businesses have with personal data through a raft of new obligations and consumer rights.

The most important element of the new GDPR regulation for businesses to understand is the scope for punitive fines against companies who breach it. The GDPR is a regulation, meaning it is immediately applicable and enforceable by law. If you’re concerned about your businesses strategy around data and cyber security, now is the time to find out as much information online about the laws which will affect you.

Invest in training  

A key area for businesses to concentrate their spend is on employee training; but they need to avoid the common pitfalls of investing in the wrong type of training. As cyber security breaches are an ever increasing threat, it makes sense for training budgets to be assigned to safeguard this always vulnerable area of the business.

With the majority of employees now able to access connected devices and sensitive data, it’s essential all employees are confident and competent in basic cyber security skills. In addition to this, businesses need to hire and train professionals who understand hacking, so they can not only react quickly in the event of a breach, but can implement solutions to prevent a breach in the first instance. So what is the most cost-effective and efficient way to train new and current employees in these skills?

Cyber Security Apprenticeships

Apprenticeships schemes are a great avenue for businesses to upskill and train employees in the skills required for each individual business. Apprenticeships are understood to bring benefits for businesses and employees by combining, learning and earning. Through an apprenticeship, businesses can bring in fresh, loyal staff who can boost productivity. Data from the National Apprenticeship Service reveals that apprenticeships boost productivity to businesses by on average £214 per week. Yet, apprenticeships aren’t just for new staff. Businesses have already found that cyber security apprenticeships enable businesses to grow their existing skills base resulting in increased profits, lower prices and better products.

The new Apprenticeship Levy means firms of all sizes can overhaul how they recruit and train staff, as Government is set to contribute up to 90 per cent of the cost of an apprentice for all non-Levy payers, including training and recruitment costs. The Levy means that now UK-based employers with a salary bill of over £3 million must invest 0.5 percent of this figure in hiring apprentices or developing existing staff. This cash will be transferred to an Apprenticeships Service account, but if it’s not used it will be permanently lost. This is a huge opportunity that shouldn’t be wasted by employers.

With training schemes becoming more affordable with the Levy introduction, it is expected that the popularity of apprentices will only increase. Therefore, businesses should be considering the value of cyber security apprentices now and looking for the most effective training available in the industry.

There are cyber-security apprenticeship programmes available, ready to fill crucial roles left vacant by the skills gap. By using the Levy in this way UK firms can leverage apprenticeships to overhaul how they recruit and train their existing teams to become IT security professionals.

How does it work?

Firebrand is the first UK training provider to deliver the new Cyber Security Apprenticeship Standards. Apprenticeships offer both entry-level and established IT professionals the opportunity to build their IT knowledge and enhance their skills through accelerated training in a real-world job.

Unlike other programmes, Firebrand apprentices aren’t on day release – they’re a full-time employee. The programme includes residential training throughout the year. Between these training weeks, the employer can focus on giving their apprentice the best work experience possible.

For businesses, the training ensures their level of preparedness to protect against a cyber-attack.

By Stefano Capaldo, Managing Director at Firebrand

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.