CFOtech India - Technology news for CFOs & financial decision-makers
India
Guides
#
big data
#
business intelligence
#
cybersecurity
#
digital transformation
#
work from home
Search
Story image
#
Advanced Persistent Threat Protection
#
Cybersecurity
#
Cyber insurance

Survey reveals gaps in IT security training across firms

Fri, 7th Jun 2024
Author image
By Shannon Williams, Journalist

A recent survey conducted by cybersecurity provider Hornetsecurity has revealed significant deficiencies in IT security training across numerous organisations. The survey, published during Infosecurity Europe 2024 in London, uncovered that 26% of organisations do not offer any IT security training to their end-users. These findings were gathered from industry professionals worldwide, signifying a global issue.

The research underscores a concerning trend wherein cybersecurity breaches are becoming increasingly common. One in four respondents disclosed they had experienced a cybersecurity breach, with 23% of these incidents occurring within the last year. These statistics highlight the urgent need for improved and comprehensive cybersecurity measures and training programmes.

Despite the critical importance of cybersecurity training, the survey found that fewer than 8% of organisations employ adaptive training methods that evolve based on the outcomes of regular security assessments. This is alarming in a landscape where cyber threats are continuously evolving, particularly with the advent of AI-powered attacks. Furthermore, nearly four in ten respondents indicated their current training does not sufficiently address recent or AI-powered cyber threats.

Daniel Blank, COO of Hornetsecurity, commented on the survey results, stating, "Our latest research shows a clear disconnect between the perceived effectiveness of security training and its actual relevance and responsiveness to modern cyber threats, especially the recent boom in AI-driven attacks. Employees must be equipped with ongoing training to bolster any technical defences and serve as a human firewall. The ongoing aspect is essential for the training to have the most impact. It’s important to invest in the latest cybersecurity technology, but a sustainable security culture means investing in people as well."

The survey also addressed the engagement levels of current training programmes. A significant portion of respondents, nearly 31%, reported their training was unengaging or only slightly engaging. Nonetheless, 79% of organisations considered their IT security awareness training to be moderately effective in combating cyber threats. However, the survey's insights revealed a gap between belief and reality, as a considerable percentage noted the training did not adequately cover current cyber threat landscapes.

An additional concern highlighted by the survey is post-incident behaviour and reporting. After experiencing a cybersecurity breach, 94% of affected organisations implemented additional security controls. Despite these measures, 52% of respondents noted that end-users often ignored or deleted identified email threats without reporting them. Furthermore, 38% of employees forgot the training content, emphasising the necessity for continuous and engaging training improvements.

The survey findings indicated a significant demand for more effective post-training resources to help retain and apply learned security measures. Feedback on reported threats also emerged as an area needing enhancement, with 28% of respondents citing the lack of feedback as a major reason for not adhering to training protocols.

Updating and improving IT security training programmes has become crucial. Forty-five per cent of IT decision-makers perceive their current training programmes as outdated and ineffective against modern AI-powered attacks. This sentiment was echoed by 39% of general respondents, indicating the critical need for current, comprehensive training content.

Hornetsecurity has responded to these findings by developing its Security Awareness Service, a next-gen solution designed to provide tailored and automated training for employees. This service aims to offer continuous training without overburdening IT resources. Blank emphasised the importance of proactive measures, stating, "Proactivity is key: instead of strengthening after incidents, organisations should pre-empt attacks and have robust systems and processes in place. Doing so saves significant time, effort, and cost."

The survey highlighted a growing reliance on cyber insurance, with 56% of organisations now utilising it as a financial safeguard against cyber incidents. Additionally, 79% attribute the prevention of cybersecurity incidents to their IT security training programmes, while 92% acknowledge that such training has enabled end-users to identify security threats across various media platforms.

Overall, Hornetsecurity's survey reveals the urgent need for comprehensive and adaptive IT security training programmes. Organisations must prioritise continuous education and proactive measures to stay ahead of evolving cyber threats, thereby safeguarding their digital infrastructure and business operations.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Survey shows 76% of firms boost cyber defences for insurance
Trustwave report highlights severe cybersecurity threats to pro firms
Pure Storage provides glimpse of the future of data storage management
How the midmarket can maximise the success of their AI efforts
How AI can help developers boost the security of new code
Top stories
APAC software market set to grow by more than 10% in 2024
Report reveals digital transformation trends in procurement
Getting the balance right between business innovation, security and AI
Harness unveils new AI features for cloud cost optimisation
Myths and misconceptions about cloud ERP debunked