Only 10% of workers remember all their cyber security training

New research has found gaps in cybersecurity training.

  • 1 year ago Posted in

New research by CybSafe found only 10% of workers remember all their cybersecurity training. This is exposing companies to cyber risk.

 

1000 US and UK office workers told CybSafe about their cybersecurity training. Half of employees get regular security training courses. A quarter of respondents get none.

 

Cybersecurity training does not include new technologies

The survey looked at the use of technologies implemented in the last few years.

 

The way we collaborate and communicate has changed. Cybersecurity training has not kept up with applications like Slack and Teams. Most security training is still delivered by web-based learning management systems. 

 

Oftentimes, important security information is getting lost in the noise. Only half of the workers interviewed paid attention to emailed content (53%). Furthermore, 20% of employees said they cannot remember or find relevant cybersecurity information.

 

Missed opportunities for engagement

80% say they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable. 

 

New technologies, new risk

Slack and Teams are an afterthought. 47% have received no training for employee communication applications. Workers are more likely to share login details in tools like Slack (14%), rather than email (12%).

 

 

Dr Jason Nurse, Director of Science and research, said:“Cybersecurity training needs to centre on people. It needs an understanding of new and emerging habits. It needs to centre on how people work. And it needs to use behavioural and data science to engage. Interventions made in a timely, convenient way have a real impact.”

 

"The way we communicate is changing. Cybercriminals are one step ahead," said Oz Alashe MBE, CEO Of CybSafe.

 

"People want to be part of the solution for their organisations. Ineffective tick-box training does not work. Cybersecurity training needs a facelift. It needs to focus on people, their habits and behaviours. The right message, at the right time, on the right platform.  Data and behavioural science can help companies stay ahead of new threats.

 

"For too long cyber security has focused on employees working around their organisation. It's time organisations adapt and centre around their people."


Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
MSSPs identify regulatory compliance as additional factor as organisations seek to shift...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...