Security awareness and training platform KnowBe4 has revealed that 50% of cybersecurity professionals have admitted that their organisations only conduct training once a quarter, or even once a year.
The survey of 220 cybersecurity professionals, conducted at Infosecurity Europe 2023, found that organisations are potentially at risk of a serious cyber incident due to irregular security awareness training.
This comes in the wake of many reports citing challenges endured by an overworked cybersecurity workforce, in addition to a large skills gap within cyber organisations and security teams. Reports such as these recognise a need for workplaces to ensure knowledge and cyber defences are up-to-date.
Cyber professionals exhibiting “unsafe behaviours”
More than one in every four organisations (26%) are running a one-size-fits-all approach, according to the survey. Of the companies that did tailor their security awareness training, 46% modified training according to department, 25% adjusted it by personality type/learning style and 25% adapted it by seniority.
In addition, only 21% of professionals surveyed believed they have a great security awareness programme. For 27% of respondents, their current programme was found to be too boring or not attention-grabbing enough, with others claiming the training is outdated (22%), too general (17%), not user-friendly (17%) and too slow or not issued in real-time (15%).
It is clear that there is a greater need for skilled workers in cybersecurity roles to prevent the cost of global attacks from rising even further. In connection with growing cyberattacks worldwide, some countries are witnessing high demand for more skilled professionals within the cyber industry.
The shortage within the industry could be due to technology advancing too quickly while not enough workers have the professional skill set to handle complex cyberattacks or data breaches.
The report found that none of the respondents implemented security awareness training after a mistake was made. Yet nearly one in four cybersecurity professionals believed that people exhibit unsafe behaviours within the workplace because the teachable moment passes too quickly.
“The lack of engaging, relevant, and frequently implemented security awareness training is concerning. Particularly in light of company research suggesting that as many as 80% of cybersecurity professionals have observed users performing risky behaviours at work, including the use of gaming, gambling and adult websites, as well as downloading malicious applications,” said Javvad Malik, lead security awareness advocate at KnowBe4.
“Security awareness training should not simply be seen as a tick-a-box exercise. Rather, organisations must recognise that their people are critical to the success, but also the potential downfall of the business.
“By investing in the right training programme, a strong security culture can be nurtured and could save the company significant costs that often accompany a breach.”