Addressing the human factor has become a key focus in fortifying against cyberattacks, and many organizations are incorporating training into their cyberrisk management strategy. However, according to a survey from email security firm Tessian, three out of four organizations reported experiencing a cybersecurity incident in the past 12 months, despite the fact that 85% of U.S. and U.K. employees now participate in security awareness programs.
This may be in part because these programs are not engaging employees—just 36% of employees say they are fully paying attention and there is a 50-50 split on whether such training is helpful. This lack of engagement may translate into significant risk. A third of employees do not understand why cybersecurity is important, and almost 30% do not think they personally play a role in maintaining their organization’s cybersecurity.
Tessian recommended improving day-to-day IT communication, implementing strong technology tools, revamping training programs, and incorporating security education into HR processes like onboarding and offboarding.