Only 10% of workers remember all their cyber security training

New research has found gaps in cybersecurity training.

  • Tuesday, 28th March 2023 Posted 1 year ago in by Phil Alsop

New research by CybSafe found only 10% of workers remember all their cybersecurity training. This is exposing companies to cyber risk.

 

1000 US and UK office workers told CybSafe about their cybersecurity training. Half of employees get regular security training courses. A quarter of respondents get none.

 

Cybersecurity training does not include new technologies

The survey looked at the use of technologies implemented in the last few years.

 

The way we collaborate and communicate has changed. Cybersecurity training has not kept up with applications like Slack and Teams. Most security training is still delivered by web-based learning management systems. 

 

Oftentimes, important security information is getting lost in the noise. Only half of the workers interviewed paid attention to emailed content (53%). Furthermore, 20% of employees said they cannot remember or find relevant cybersecurity information.

 

Missed opportunities for engagement

80% say they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable. 

 

New technologies, new risk

Slack and Teams are an afterthought. 47% have received no training for employee communication applications. Workers are more likely to share login details in tools like Slack (14%), rather than email (12%).

 

 

Dr Jason Nurse, Director of Science and research, said:“Cybersecurity training needs to centre on people. It needs an understanding of new and emerging habits. It needs to centre on how people work. And it needs to use behavioural and data science to engage. Interventions made in a timely, convenient way have a real impact.”

 

"The way we communicate is changing. Cybercriminals are one step ahead," said Oz Alashe MBE, CEO Of CybSafe.

 

"People want to be part of the solution for their organisations. Ineffective tick-box training does not work. Cybersecurity training needs a facelift. It needs to focus on people, their habits and behaviours. The right message, at the right time, on the right platform.  Data and behavioural science can help companies stay ahead of new threats.

 

"For too long cyber security has focused on employees working around their organisation. It's time organisations adapt and centre around their people."