Microsoft announces for the first time that Windows 10 will stop receiving support in 2025

The culture of cybersecurity, a great lack in Spanish companies according to a report by PwC Spain

86% of Spanish companies lack a culture of cybersecurity among employees, that is the devastating and main data that the latest report on the state of cybersecurity culture in the business environment produced by the consulting firm PwC Spain throws up.

The Cyber ​​Risk Culture area of ​​this company presented this Tuesday the results of this study carried out in some fifty organizations nationwide through interviews with experts, as well as surveys of those responsible for cybersecurity and research.

The level of cybersecurity culture in companies is 2.8 out of 5, according to the study

The objective is analyze the level of average cybersecurity culture that exists in Spanish companies from different perspectives.

Cybersecurity in the business environment, a present and future problem

Photo of a meeting in an office

Computer security in the business environment is a capital issue. A problem of the first order if attacks are to be avoided. From banking data to confidential information, going through internal systems or simple personal data can be the targets of cybercriminals in both large and small companies. The attacks, said the CNI a year ago, come mainly from Russia, Iran, China and North Korea.

As if that were not enough, the pandemic has accelerated the digital transformation in many companies, has promoted the adoption of teleworking and has increased attacks even more. Therefore, perhaps more than ever, cybersecurity matters. Also in the business field.

The work indicates that there is a significant margin for improvement in the current Cybersecurity Culture in Spanish companies

Cybersecurity culture level of companies in Spain

Cybersecurity culture level of companies in Spain. / PwC Spain

Report on the state of cybersecurity culture in the business environment PwC places the level of average cybersecurity culture that currently exists in companies in Spain at a 2.8 over a range of values ​​from 1 to 5.

That, they explain, implies that "There is significant room for improvement in the current cybersecurity culture"That is, an improvement in the knowledge, habits, perceptions, attitudes, norms and values ​​of people, in this case workers, in relation to computer security. The way in which these values ​​are manifested is also part of this culture in the behavior that people have with ICT.

And this is important because It is estimated that 95% of cyberattacks suffered by companies have their origin in the human factor.

The culture of cybersecurity is the knowledge, habits, perceptions, attitudes, norms and values ​​of people in relation to computer security

Startup 593296 1920

The consultant's work analyzes the situation based on strategy, knowledge, behavior and future perspective. In the first field, it stands out that 60% of organizations do not consider safety to be part of their values.

In terms of knowledge, a meager 9% of the companies analyzed have a procedure to measure the knowledge of cybersecurity professionals. In the field of behavior, it is striking that 84% of organizations are not capable of measuring, or cannot measure homogeneously, the level of awareness of employees and 64% of companies consider that the budget applied in Training and Awareness is low compared to the importance of the area. Now, according to the PwC study, the average budget applied to training and awareness corresponds to 9% of the company's Information Security budget.

The average budget allocated to raising awareness and training in cybersecurity represents only 9% of the total allocated to information security

However, we find data for optimism, given that in the area of ​​future outlook, the report concludes that 93% of respondents consider employee awareness to be a relevant or highly relevant measure and 95% of companies have, have planned or are considering an awareness plan for employees.

The report highlights the highest level of cybersecurity culture found in the largest companies, with more than 10,000 employees, given that they have greater resources, greater exposure and greater risk, as well as in those with a higher level of income (more than 5,000 million euros) and those located in Catalonia and Madrid.

"A culture of cybersecurity in companies helps to make it clear that information security recommendations are an integral part of employees' work, habits and conduct, incorporating them in their daily actions ", highlight those responsible for the report.