Lack of Regular Cybersecurity Awareness Training Puts Organisations at Risk


50% of cybersecurity professionals admit their organisations only conduct training once a year or once a quarter

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has today announced the results of a survey conducted at Infosecurity Europe 2023 (20 - 22 June) among 220 cybersecurity professionals. The findings revealed that organisations are potentially at risk of a cyber incident due to irregular security awareness training. In fact, half of respondents admit that their organisations only conduct security awareness training once a year or once a quarter.

What’s more, over 1 in every 4 organisations (26%) are running a one-size-fits-all approach. Of the companies that did tailor their security awareness training, 46% modified training according to department, 25% adjusted it by personality type/learning style, and 25% adapted it by seniority.

Many respondents also had a less than ideal opinion towards their own organisation’s security awareness training, with only 21% believing they have a great security awareness programme. For 27% of respondents, their current programme was found to be too boring or not attention-grabbing enough. Others claimed the training is outdated (22%), too general or not tailored (17%), not user-friendly (17%) and/or too slow or not issued in real-time (15%).

“The lack of engaging, relevant, and frequently implemented security awareness training is concerning. Particularly in light of research suggesting that as many as 80% of cybersecurity professionals have observed users performing risky behaviours at work, including the use of gaming, gambling and adult websites, as well as downloading malicious applications,” said Javvad Malik, lead security awareness advocate at KnowBe4. “Security awareness training should not simply be seen as a tick-a-box exercise. Rather, organisations must recognise that their people are critical to the success, but also the potential downfall of the business. By investing in the right training programme, a strong security culture can be nurtured and could save the company significant costs that often accompany a breach.”

Remarkably, none of the respondents have implemented security awareness training in the moment a mistake is made. Yet, nearly 1 in 4 (23%) cybersecurity professionals believe people exhibit unsafe behaviours because the teachable moment passes too quickly.

This is where KnowBe4’s SecurityCoach could prove useful. By leveraging an organisation’s existing security stack investments, SecurityCoach is the first real-time security coaching product that delivers immediate feedback to users, via Microsoft Teams or Slack, at the moment risky behaviours occur. In doing so, training remains relevant. To find out more, visit: https://www.knowbe4.com/products/securitycoach.

About KnowBe4

KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, is used by more than 60,000 organisations around the globe. Founded by IT and data security specialist Stu Sjouwerman, KnowBe4 helps organisations address the human element of security by raising awareness about ransomware, CEO fraud and other social engineering tactics through a new-school approach to awareness training on security. Kevin Mitnick, who was an internationally recognized cybersecurity specialist and KnowBe4’s Chief Hacking Officer, helped design the KnowBe4 training based on his well-documented social engineering tactics. Tens of thousands of organisations rely on KnowBe4 to mobilise their end users as their last line of defence.
