_Supawat_Kaydeesud_Alamy.jpg?disable=upscale&width=1200&height=630&fit=crop "Training resources for cybersecurity are frequently restricted to developers.")
A recent study has revealed that cybersecurity executives are falling short when it comes to prioritizing software security training for all employees within a company. Instead, they often only see it as necessary for a select few and for reasons that may not align with best practices.
According to research conducted by CMD+CTRL Security and Wakefield Research, nearly half of cybersecurity leaders who provide security training tools do not view awareness efforts as essential in their organizations. Additionally, half of these leaders provide security training with the goal of building a “security culture,” but only 41% cite the increased risk from third parties and supply chains as a motivation for doing so.
The research report titled “Enhancing Cybersecurity: The Critical Role of Software Training” highlighted that executives implementing these training programs are mainly driven by factors such as customer satisfaction, time to market, and financial costs. This indicates a disconnect between the perceived importance of cybersecurity training and the actual motivations behind providing it.
Furthermore, the study revealed that cybersecurity leaders who acknowledge the need for software security training often do not prioritize customized training solutions. This could be due to a lack of importance placed on tailored training or a lack of resources to provide it. As a result, many companies end up focusing on developer-only training or broad-based programs that are not as effective in mitigating cyber risks.
Given the risks associated with inadequate training, experts emphasize the importance of implementing effective resources for all employees, tailored to their specific roles within an organization. This approach allows employees to gain the knowledge and skills necessary to identify vulnerabilities, follow best practices, stay informed about the latest threats, and learn how to mitigate them. Ultimately, this comprehensive training approach can lead to fewer cyber breaches and greater resilience in an organization’s supply chain.
In conclusion, the study sheds light on the gaps in cybersecurity training practices among executives and underscores the importance of prioritizing training for all employees. By recognizing the critical role that software security training plays in safeguarding against cyber threats, companies can better protect their assets and ensure a more secure operating environment.