SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Survey reveals gaps in IT security training across firms

Fri, 7th Jun 2024

A recent survey conducted by cybersecurity provider Hornetsecurity has revealed significant deficiencies in IT security training across numerous organisations. The survey, published during Infosecurity Europe 2024 in London, uncovered that 26% of organisations do not offer any IT security training to their end-users. These findings were gathered from industry professionals worldwide, signifying a global issue.

The research underscores a concerning trend wherein cybersecurity breaches are becoming increasingly common. One in four respondents disclosed they had experienced a cybersecurity breach, with 23% of these incidents occurring within the last year. These statistics highlight the urgent need for improved and comprehensive cybersecurity measures and training programmes.

Despite the critical importance of cybersecurity training, the survey found that fewer than 8% of organisations employ adaptive training methods that evolve based on the outcomes of regular security assessments. This is alarming in a landscape where cyber threats are continuously evolving, particularly with the advent of AI-powered attacks. Furthermore, nearly four in ten respondents indicated their current training does not sufficiently address recent or AI-powered cyber threats.

Daniel Blank, COO of Hornetsecurity, commented on the survey results, stating, "Our latest research shows a clear disconnect between the perceived effectiveness of security training and its actual relevance and responsiveness to modern cyber threats, especially the recent boom in AI-driven attacks. Employees must be equipped with ongoing training to bolster any technical defences and serve as a human firewall. The ongoing aspect is essential for the training to have the most impact. It's important to invest in the latest cybersecurity technology, but a sustainable security culture means investing in people as well."

The survey also addressed the engagement levels of current training programmes. A significant portion of respondents, nearly 31%, reported their training was unengaging or only slightly engaging. Nonetheless, 79% of organisations considered their IT security awareness training to be moderately effective in combating cyber threats. However, the survey's insights revealed a gap between belief and reality, as a considerable percentage noted the training did not adequately cover current cyber threat landscapes.

An additional concern highlighted by the survey is post-incident behaviour and reporting. After experiencing a cybersecurity breach, 94% of affected organisations implemented additional security controls. Despite these measures, 52% of respondents noted that end-users often ignored or deleted identified email threats without reporting them. Furthermore, 38% of employees forgot the training content, emphasising the necessity for continuous and engaging training improvements.

The survey findings indicated a significant demand for more effective post-training resources to help retain and apply learned security measures. Feedback on reported threats also emerged as an area needing enhancement, with 28% of respondents citing the lack of feedback as a major reason for not adhering to training protocols.

Updating and improving IT security training programmes has become crucial. Forty-five per cent of IT decision-makers perceive their current training programmes as outdated and ineffective against modern AI-powered attacks. This sentiment was echoed by 39% of general respondents, indicating the critical need for current, comprehensive training content.

Hornetsecurity has responded to these findings by developing its Security Awareness Service, a next-gen solution designed to provide tailored and automated training for employees. This service aims to offer continuous training without overburdening IT resources. Blank emphasised the importance of proactive measures, stating, "Proactivity is key: instead of strengthening after incidents, organisations should pre-empt attacks and have robust systems and processes in place. Doing so saves significant time, effort, and cost."

The survey highlighted a growing reliance on cyber insurance, with 56% of organisations now utilising it as a financial safeguard against cyber incidents. Additionally, 79% attribute the prevention of cybersecurity incidents to their IT security training programmes, while 92% acknowledge that such training has enabled end-users to identify security threats across various media platforms.

Overall, Hornetsecurity's survey reveals the urgent need for comprehensive and adaptive IT security training programmes. Organisations must prioritise continuous education and proactive measures to stay ahead of evolving cyber threats, thereby safeguarding their digital infrastructure and business operations.
