More than a quarter (26%) of organizations around the world provide no security awareness training for their employees, according to a survey by Hornetsecurity. The researchers found that smaller companies in particular tend to lack security training programs.
“This significant oversight in cybersecurity education highlights a critical vulnerability within the corporate world, particularly in smaller companies,” the researchers write. “Our survey data indicates a clear trend related to company size and the likelihood of providing such training.
“While larger organizations seem to recognize and act on the necessity of educating their workforce on cybersecurity threats, smaller companies lag notably behind. Specifically, among businesses with 1 to 50 employees, nearly 30% do not offer any form of IT security awareness training.”
The survey also found that nearly 40% of respondents believe their security awareness programs aren’t keeping up with evolving social engineering threats.
“A significant portion of the workforce, specifically 39.3%, feels that the IT security awareness training provided by their organizations is not up-to-date, particularly concerning the capabilities needed to combat AI-powered cyber attacks,” the researchers write.
“This concern is even more pronounced among those in IT decision-making roles, with 45% echoing this sentiment. These statistics reveal a critical gap in current cybersecurity education programs, which may not yet fully address the sophisticated nature of modern AI-driven threats.”
Meanwhile, the survey found that four out of five respondents believe security awareness training has protected their organizations against cyber incidents.
“A compelling 78.5% of organizations believe that IT security awareness training has directly prevented them from experiencing a cybersecurity incident,” the researchers write. “This high percentage demonstrates the training’s effectiveness not only as an educational tool but as a crucial preventive measure in protecting organizational assets and information.
“Furthermore, an overwhelming 91.6% of respondents agree that such training has equipped their end-users with the skills to spot security threats across various mediums, not just email. This broad applicability is vital in today’s diverse digital landscape, where threats can emerge from multiple sources, including social media, mobile apps, and web browsing.” This is additional evidence that phishing training and testing really work.
Hornetsecurity has the story.