SecurityWeek

More Than Half of Enterprise Employees Receive No Security Training: Survey Finds

A new study by Enterprise Management Associates (EMA) indicates more than half of enterprise employees may not receive any security awareness training.

In a survey of 600 employees sponsored by security training firm Security Mentor, 56 percent of employees said they did not get security or policy awareness training from their organizations. This lack of training, the report argues, often results in policy violations and other risky behavior. For example, 33 percent said they use the same password for both work and personal devices. Fifty-nine percent of those surveyed said they store work information in the cloud, where enterprises sometimes do not have the same level of visibility or control over data.

In addition, 58 percent of the survey’s participants said they store sensitive information on their mobile devices – a potentially problematic figure given that 30 percent also admitted to leaving mobile devices unattended in their vehicles. Some 35 percent said they have clicked on an email link from an unknown sender. 

“The research results clearly show many security awareness and policy training programs lack the delivery periodicity, content and quality that could increase retention, thereby improving security decisions made by personnel and reducing risk in their organization,” report author David Monahan, research director at EMA, wrote in a summary of the study. “Company size, budgets and market vertical significantly impact the existence and maturity of the awareness training.”

While 48 percent of respondents reported their organizations measured the effectiveness of security awareness training, 18 percent said the training effectiveness was not measured and 34 percent said they didn’t know. The most common forms of training measurement were training completion (62 percent) and end-of-training testing (55 percent).

“While today’s organizations continue to harden their infrastructure to protect against the latest cyber threats, this report reveals that they too often fail to arm their employees with the critical information needed to avoid a data breach, prevent phishing, or report a possible security incident,” said Craig Kunitani, COO with Security Mentor, in a statement. “Every organization should make security awareness training part of its defense in depth strategy. Many of our customers report they’ve had great success in educating their staff using our security awareness training program because of our brief, interactive, and informative lessons.”
