Despite the fact that security experts have emphasized the importance of cyber education and training as a preventative measure to protect against a devastating data breach, Chubb’s Third Annual Cyber Risk Survey finds that only 31 percent of employees in the businesses surveyed receive cyber training and education on an annual basis.

According to the Survey, although cyber risks continue to be a huge concern to both individuals and companies, there is a disconnect between the recognition of the risk and taking action to address and minimize it.

“If proper employee education programs are not implemented, there may be long-standing business ramifications.”

The Survey shows that “while individuals exercise certain Cybersecurity best practices, there continues to be a lack of understanding about the sources of exposure.” One area that was pointed out was password maintenance. “One-third (31 percent) of respondents report that they regularly change online passwords, and half (49 percent) have shares one or more account passwords with someone else…indicating a disconnect between knowing about and acting on Cybersecurity best practices.”

And here’s a really interesting conclusion: “a consistently larger portion of older respondents employ better cyber practices than younger generations.” So even though younger individuals may be more technologically adept, they are not as careful about protecting themselves from cyber risks.

What does this mean for employers? Don’t assume that any of your employees, and especially your younger employees, are using good cyber hygiene while they are at your place of work. Further, employee education is crucial to protecting the company from a cyber-attack. When employees are armed with knowledge about the newest threats, they can recognize them and act on them to prevent a disastrous outcome. Expecting your employees to obtain this information on their own is unrealistic. Invest the resources and time to educate your employees and transform them into data stewards and the company’s cyber militia.