EU Companies Prioritise Cybersecurity But Lag in Staff Training

While cybersecurity is seen as high priority in EU-companies, few provide training and raise awareness on cybersecurity among their staff.

A new Eurobarometer survey of over 12,900 companies across the 27 EU member countries in April-May 2024, showed that 71% of EU-based companies say cybersecurity is a high priority. Still, only 25% of companies have provided their staff with training or raised awareness on cybersecurity over the past 12 months.

These findings are particularly notable as they come during a period of heightened attention to cybersecurity risks.

Highest priority in Ireland, Italy and Luxembourg

The highest levels of companies prioritising cybersecurity were in Ireland, Italy, and Luxembourg, with over 80% of companies marking it as a high priority. Conversely, Romania, Lithuania, and Bulgaria had the lowest levels, with less than 50% of companies considering it a high priority.

Training and awareness: A large gap

Despite the high priority given to cybersecurity, the majority of companies across the EU27-countries have not provided any training or awareness programs in the past year.

Companies in Czechia, Germany, and Luxembourg had the highest levels of training and awareness activities, with around 40% of companies reporting such initiatives. On the other hand, Romania, France, and Estonia reported the lowest levels.

Barriers to training

For those companies that did not conduct any training or awareness-raising, the main reason cited was that no training was deemed necessary. This was the case for 68% of companies on average across the EU27.

While a significant number of companies recognize the importance of cybersecurity, there is a clear gap in the implementation of training and awareness programs. Addressing this gap is crucial for enhancing cybersecurity resilience across the EU.

Read more: