The House of Commons has put 2,658 out of its approximately 3,000 strong workforce on an eight-part cyber security training course in the most recent financial year (FY 20/21), according to official figures.
The findings, obtained by the Parliament Street think tank using Freedom of Information (FOI) legislation, come to light amidst the security fears across Whitehall, following the ICO’s decision to raid the homes of two people under suspicions of leaking CCTV footage of Health Secretary Matt Hancock kissing an aide in his office.
The eight-part course called ‘Annual Essentials Certification’ covers training in cyber security and cyber crime, including awareness of phishing, the need to set strong passwords and how to work safely online. The data revealed that 2,207 staffers attended the course in the previous financial year, FY 19/20.
The FOI data revealed that the original design and content development work for the Cyber Security module cost £16,140, and the government also pays a £56,400 annual subscription fee to its learning management system provider to access a wide range of courses and for maintenance.
Additionally, in FY 20/21, four House of Commons staff were sent on a specialist training cyber security course costing £18,875. This course, titled ‘Cyber Security Essentials’, focusses on providing delegates with the essential security skills and techniques needed to protect and secure critical information and assets, it also taught them how to apply this knowledge to form a winning defensive strategy.
In the previous year (FY 19/20), just over £7,000 was spent on two specialist training courses, one on Cyber Threat Intelligence, and the other on becoming a Cyber Security Manager.
Cyber expert Andy Harcup, Senior Director, Gigamon said, “With rising cyber threats targeting government departments, boosting cyber skills and awareness for parliamentary staffers is a smart and necessary move.
With the Covid-19 pandemic triggering a dramatic increase in flexible working, it’s more important than ever that public sector organisations have robust systems and training in place to identify potential threats. Key to this effort is gaining full visibility into network traffic across the parliamentary estate, so that the IT team can identify rogue users and hostile attacks, allowing them to take action before a cyber breach can occur.”
Tim Sadler, CEO at Tessian added, “It’s encouraging to see that Parliament is taking security training and awareness seriously. Employees need access to the tools and knowledge to help them make smarter cybersecurity decisions and think twice before clicking. This training, though, can’t be a one-time, tick-box exercise. Training needs to be continuous and contextual if it’s going to resonate with people and stop mistakes from turning into breaches.”