SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia
Guides
#
cloud security
#
cybersecurity
#
endpoint protection
#
firewall
#
ransomware
Search
Story image
#
Cybersecurity
#
IT Training
#
Awareness
Uptick in utilisation of cybersecurity awareness programs
Wed, 7th Sep 2022
FYI, this story is more than a year old
Author image
By Shannon Williams, Journalist
Follow us

Researchers at ThriveDX have announced a marked uptick in the utilisation of cybersecurity awareness programs across all industries in the last year, resulting in a higher level of security at a majority of enterprises. 

The findings are part of the company's newly released 2022 Global Cybersecurity Awareness Training Study including 1900+ CISOs, security leaders, and IT professionals.

Almost all of the organisations surveyed, a total of 97%, reported implementing some type of cybersecurity awareness training measures this past year, with most now using a combination of both phishing simulations and security awareness training. 

However, of the 1,900 security professionals surveyed, just 42% reported involving their employees in security detection with the use of such measures as a Phishing Incident Button. Its an important distinction as this type of engagement is known to further security by creating a virtual human firewall and accelerating the reporting of potential threats.

"These statistics tell us two things. The first is that cybersecurity awareness is now reaching its adolescence with almost universal agreement that regular training improves enterprise security in a way that technology alone cannot," says Aaron Bostick, CISO, North America at ThriveDX. 

"Secondly, these numbers show us that we still have a long way to go to reach maturity and an understanding that the only true way to mitigate modern cyber risks is by positively changing employee behaviour and building positive security cultures within our companies."

According to the study, 65% percent of IT professionals surveyed did agree that their cybersecurity awareness training programs need expansion, and no one indicated a desire to reduce their current engagement.

The results of employee awareness efforts were impressive across the board with 19% reporting better awareness; 14% greater vigilance; 12% said they increased their human firewall; and 99% reporting an increase in corporate security. Ninety-six percent also noted a positive influence on their enterprises overall working atmosphere. Survey participants reported that the most important success factors were training course duration, an entertaining nature, customisation, and individualisation.

"This really validates the human-centric approach that we take towards security awareness," says Roy Zur, CEO of ThriveDX for Enterprise. 

"Involving employees, offering customised security awareness training, and gaining their commitment to security is the number one way to mitigate cyber risk."

Other key findings:

  • Currently, the most popular training topics are courses on phishing and malware, password security, email security, social engineering and ransomware.
  • 72% refrain from pre-announcing phishing campaigns to employees
  • The biggest challenges cited in implementing awareness programs were achieving user acceptance (25%), workload and resources (22%) and program execution (14%)
  • The use of mission statements, policies, guidelines, metrics and systematic training is increasing with 58% of respondents reporting some form of security awareness regulations in place.
     
Related stories
Keeper Security launches user-friendly passphrase generator
Kaspersky illuminates LockBit ransomware group's advanced tactics
Cisco boosts Secure Application with added data, cloud security features
MotivationWorks upgrades cybersecurity with Radware
Building the cyber defences needed to ward off attacks
Top stories
Half of online traffic in 2024 generated by bots, report finds
Cisco launches Hypershield for AI-driven security upgrade
Axis unveils hybrid cloud platform for adaptable security solutions
Spirent partners with online payments platform to boost cyber defenses
Trustifi launches innovative phishing detection training for MSPs