Fortinet report: 70% of staff lack cybersecurity awareness

A new report from Fortinet reveals that nearly 70% of organisations believe their employees lack fundamental cybersecurity awareness.

The findings from Fortinet's 2024 Security Awareness and Training Global Research Report underline the significance of cyber-aware employees in managing organisational risk.

It is becoming increasingly challenging for employees to detect attacks as malicious actors utilise artificial intelligence (AI) to heighten the sophistication of their threats. Over 60% of survey respondents anticipate that more employees will fall prey to AI-driven attacks. On a positive note, 80% of these respondents note that understanding AI attacks has prompted a greater openness towards integrating security awareness and training.

John Maddison, Chief Marketing Officer at Fortinet, stated, "As threat actors harness new technologies like AI to augment the sophistication of their attacks, it's increasingly crucial that employees are a robust first line of defense. Fortinet's new research underscores the importance of creating a culture of cybersecurity and the need to deploy organisation-wide cyber awareness and training."

He emphasised the value of Fortinet's Security Awareness Services and the free educational versions offered to school districts globally as means to enhance cyber resilience.

There is an increasing concern among leaders about the lack of security knowledge among their employees, with nearly 70% expressing such views compared to 56% in 2023. At the same time, over 80% of leaders report satisfaction with their existing security awareness and training endeavours.

The report also highlights the rise of threats that employees must contend with, such as phishing, which has become more sophisticated and convincing through AI advancements. Organisations are thus prioritising training employees on recognising and countering such threats. In the past year, more than 80% of firms experienced individual-targeted attacks like malware and phishing.

The commitment to security training is strong, with 96% of those surveyed saying their leadership supports such initiatives. In addition, 98% incorporate phishing prevention in their training programmes, with other areas such as data security and privacy also being focal points.

While IT and security teams play critical roles, employees themselves are integral to preventing cyber breaches. Many companies note positive outcomes from implementing training programmes, with 89% observing at least some improvement in their security posture post-training. "Employees are open to cybersecurity awareness and training opportunities," with most leaders indicating a positive reception among staff.

The survey points out that effective training programmes need engaging content and manageable time commitments. Fortinet's training service is designed with these principles in mind, offering customisable content and tools like dashboards for tracking learner progress. Most leaders find training of 1.6 to 2.0 hours appropriate, with three hours being the average.

Fortinet's Security Awareness and Training Service is part of a broader strategy to cultivate a cyber-aware workforce. This initiative, involving a three-pronged approach focusing on awareness, technical skills, and advanced security measures, is essential to mitigate the repercussions of breach incidents.

The Fortinet Cyber Awareness Survey included responses from over 1,850 executive and management professionals across 29 countries, notably in sectors like manufacturing, financial services, and technology.