Highlights:
- According to the results, awareness training programs can move the needle on enterprise risk when technology alone cannot.
- Over half of those surveyed (54%) confirmed that there had been a noticeable improvement in corporate security because of increased knowledge.
A recent report by ThriveDX Enterprise revealed a significant increase in cybersecurity awareness in the last year. Ninety-seven percent of the polled organizations reported having implemented a security awareness program.
This trend toward increased awareness is vital, given that up to 91% of successful cyberattacks stem from a lack of staff comprehension. Over half of those surveyed (54%) confirmed that there had been a noticeable improvement in corporate security because of increased knowledge.
According to the results, awareness training programs can move the needle on enterprise risk when technology alone cannot. Over 87% of respondents said that adequately trained employees are essential for robust IT security. But obstacles remain, such as getting people to use the programs and a lack of resources to spread the word.
Knowing how to protect yourself online acts as a “firewall”
Although 58% of the polled companies had implemented appropriate security awareness policies, just 42% actively engaged in efforts with tools such as the Phishing Incident Button. This is worth keeping in mind because such engagement contributes to establishing a “human firewall” within an organization. A strong security culture can flourish when workers can report issues quickly.
Furthermore, just 20% of the polled participants said they ran more than seven phishing simulations each year. About 67% of the respondents spent little more than 12 hours per year on awareness training. One-fifth of participants reported carrying out only one training course each year, while somewhat less than a quarter reported completing two training courses. Six percent of those polled said they never do any training.
Password security (13.3%), phishing awareness (28.1%), social engineering (9.4%), and malware (7.1%) were some of the most common training topics.
Increased awareness, but room to grow
However, the study did find that cybersecurity awareness programs have matured, with 58% of respondents claiming to have an awareness policy in place, complete with purpose statements, procedures, and metrics. Sixty-five percent of those who took part in the survey agreed that more should be done to raise people’s awareness of cybersecurity threats.
To conduct its 2022 Global Cybersecurity Awareness Training Study, ThriveDX Enterprise polled over 1900 CISOs, security leaders, and IT pros. The poll was conducted to learn more about the effectiveness of cybersecurity awareness training, in particular phishing simulations, in raising awareness among employees and making businesses safer.