A recent survey conducted by Hornetsecurity has revealed that a concerning 26% of organizations do not provide IT security training to their end-users. This lack of training leaves a significant gap in the cybersecurity defenses of these organizations, as employees are often the frontline defense against cyber threats. The survey, which gathered feedback from industry professionals globally, also found that only 8% of organizations offer adaptive training that evolves based on the results of regular security tests.
One of the most common types of cyberattacks is phishing, which relies on exploiting a person’s trust to gain access to sensitive information. Therefore, it is crucial for employees to be equipped with the skills and knowledge to identify and respond to malicious behaviors. Unfortunately, the survey revealed that many training initiatives are ineffective, with 31% of respondents describing their training as unengaging or only slightly engaging.
Despite the low engagement levels, 79% of organizations believe that their IT security awareness training is at least moderately effective in combating cyber threats. However, 39% of respondents reported that the training does not adequately cover recent advancements in AI-powered cyber threats. This is particularly alarming in a landscape where AI technology is increasingly being utilized to expedite and scale attacks.
Daniel Blank, the COO of Hornetsecurity, highlighted the disconnect between the perceived effectiveness of security training and its relevance to modern cyber threats. He emphasized the importance of ongoing training to bolster technical defenses and cultivate a security-conscious culture within organizations. Blank stressed the need for organizations to invest in not only cybersecurity technology but also in training and equipping their employees to serve as a human firewall against cyber threats.
The survey also revealed that one in four organizations had experienced a cybersecurity breach or incident, with 23% occurring within the last year. Following such incidents, 94% of organizations implemented additional security controls to strengthen their defenses. However, despite these efforts, 52% of respondents noted that end-users often ignore or delete identified email threats without reporting them, highlighting the ongoing need for engaging and effective training programs.
One area for improvement identified in the survey is the provision of more effective post-training resources to help employees retain and apply security measures. Additionally, feedback on reported threats was noted as a key factor in adherence to training protocols, with 28% of respondents citing the lack of feedback as a barrier to compliance.
Another significant finding from the survey is that 45% of decision-makers in IT believe that their current training programs are outdated and ineffective against AI-powered attacks. This sentiment is echoed by 39% of general respondents, underscoring the critical need for training content that is current and comprehensive.
In conclusion, the survey highlights the importance of providing ongoing, engaging, and adaptive training to employees to ensure they are equipped to combat evolving cyber threats. Organizations must invest in both technological solutions and training initiatives to create a proactive cybersecurity posture. By prioritizing training and empowering employees to recognize and respond to security threats, organizations can effectively strengthen their defenses and mitigate the risk of cyber incidents.