Check out all the on-demand sessions from the Intelligent Security Summit here.
According to a new study by ThriveDX Enterprise, cybersecurity awareness has increased significantly in the last year, with 97% of organizations surveyed having implemented some type of security awareness measures.
Given that up to 91% of successful cyberattacks start with a lack of employee understanding, this trend towards greater awareness efforts is crucial. Well over half of the survey’s respondents (54%) stated that awareness had significantly increased corporate security.
The study found that properly implemented awareness training programs move the needle of enterprise risk where technology alone cannot. As many as 87% of study participants stated that effective IT security is not possible without employee training. However, challenges remain, including gaining user acceptance and a lack of resources for increasing awareness efforts.
Cybersecurity awareness as a ‘firewall’
While 58% of the companies surveyed have security awareness policies in place, only 42% actively engage employees in efforts with tools such as a Phishing Incident Button. This is worth noting as this type of interaction builds a “human firewall” inside enterprises, empowering employees to report threats quickly and building a strong security culture.
Intelligent Security Summit On-Demand
Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.
Additionally, just 20% of survey participants reported conducting more than seven phishing simulations per year and only 67% invest up to 12 hours per year in awareness training. In fact, one-fifth of participants conduct only one training course per year and just under a quarter reported conducting two courses. Six percent of those surveyed said they do without training altogether.
The most common training topics focused on phishing awareness (28.1%), password safety (13.3%), social engineering (9.4%) and malware (7.0%).
Awareness maturity increases, but room for improvement
Researchers did find an increased maturity in cybersecurity awareness programs, with 58% of participants reporting having an awareness policy including mission statements, policies and metrics in place. A majority (65%) of those surveyed believe cybersecurity awareness programs still need to expand.
The 2022 Global Cybersecurity Awareness Training Study by ThriveDX Enterprise surveyed 1900+ CISOs, security leaders and IT professionals to better understand the benefits of cybersecurity awareness training, in particular phishing simulations, and how employee awareness is taking hold to make enterprises safer.
Read the full report by ThriveDX Enterprise.
VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.