Were you unable to attend Transform 2022? Check out all of the summit sessions in our on-demand library now! Watch here.
According to a new study by ThriveDX Enterprise, cybersecurity awareness has increased significantly in the last year, with 97% of organizations surveyed having implemented some type of security awareness measures.
Given that up to 91% of successful cyberattacks start with a lack of employee understanding, this trend towards greater awareness efforts is crucial. Well over half of the survey’s respondents (54%) stated that awareness had significantly increased corporate security.
The study found that properly implemented awareness training programs move the needle of enterprise risk where technology alone cannot. As many as 87% of study participants stated that without employee training, effective IT security is not possible. However, challenges remain, including gaining user acceptance and a lack of resources for increasing awareness efforts.
Cybersecurity awareness as a ‘firewall’
While 58% of the companies surveyed have security awareness policies in place, only 42% actively engage employees in efforts with tools such as a Phishing Incident Button. This is worth noting as this type of interaction builds a “human firewall” inside enterprises, empowering employees to report threats quickly and building a strong security culture.
Event
MetaBeat 2022
MetaBeat will bring together thought leaders to give guidance on how metaverse technology will transform the way all industries communicate and do business on October 4 in San Francisco, CA.
Register Here
Additionally, just 20% of survey participants reported conducting more than seven phishing simulations per year and only 67% invest up to 12 hours per year in awareness training. In fact, one-fifth of participants conduct only one training course per year and just under a quarter reported conducting two courses. Six percent of those surveyed said they do without training altogether.
The most common training topics focused on phishing awareness (28.1%), password safety (13.3%), social engineering (9.4%) and malware (7.0%).
Awareness maturity increases, but room for improvement
Researchers did find an increased maturity in cybersecurity awareness programs, with 58% of participants reporting having an awareness policy including mission statements, policies and metrics in place. A majority (65%) of those surveyed believe cybersecurity awareness programs still need to expand.
The 2022 Global Cybersecurity Awareness Training Study by ThriveDX Enterprise surveyed 1900+ CISOs, security leaders and IT professionals to better understand the benefits of cybersecurity awareness training, in particular phishing simulations, and how employee awareness is taking hold to make enterprises safer.
Read the full report by ThriveDX Enterprise.