IT and security managers often fail to understand how well their employees actually absorb cybersecurity training, according to a survey from Mimecast and Forrester Consulting. The survey gathered responses from 120 senior IT and cybersecurity managers at companies in Australia, Hong Kong, New Zealand, and Singapore, as well as from 240 employees that worked within the same companies.
“The survey, conducted by Forrester Consulting, found that while 59% of security and IT managers think they are ‘ticking the security compliance box’, their employees report a huge disconnect,” Mimecast’s press release states. “More than half of the 240 employees surveyed in APAC (53%) disagree with that statement, and 51% believe their managers do not stress the importance of good security practices.”
Nick Lennon, Country Manager for Mimecast Australia and New Zealand, said the data shows that simply forcing employees to attend security and awareness training (SA&T) programs doesn’t mean those employees will preserve the knowledge or put it into practice.
“While security leaders in APAC believe they’ve made security a social norm by leading and encouraging others, this survey underscores that employees are not retaining, understanding or implementing key areas of cyber security training – and the existing outdated modes of training are simply not bringing about behavioural change,” Lennon said.
Line Larrivaud, Forrester Consulting Project Director for the survey, stated that managers need to grasp how important this training is in preventing cyberattacks.
“At a time when global cybersecurity threats, customer data breaches and the potential for reputational damage has never been greater, it’s of vital importance that business leaders and employees understand and value the importance of cyber security best practice within their organisation,” Larrivaud said. “They simply cannot ignore the consequences or circumvent the protocols.”
New-school security awareness training gives your employees lasting, relevant knowledge of social engineering threats and cyber hygiene and actually changes their behavior because they can make smarter security decisions, every day.
Mimecast has the story: https://www.globenewswire.com/news-release/2020/06/03/2042632/0/en/New-Survey-Reveals-Cybersecurity-Training-is-Missing-the-Mark-as-Employees-Work-around-Company-Security-Policies.html