SecurityWeek

More Than Half of Enterprise Employees Receive No Security Training: Survey Finds

A new study by Enterprise Management Associates (EMA) indicates more than half of enterprise employees may not receive any security awareness training.

In a survey of 600 employees sponsored by security training firm Security Mentor, 56 percent of employees said they did not get security or policy awareness training from their organizations. This lack of training, the report argues, often results in policy violations and other risky behavior. For example, 33 percent said they use the same password for both work and personal devices. Fifty-nine percent of those surveyed said they store work information in the cloud, where enterprises sometimes do not have the same level of visibility or control over data.

In addition, 58 percent of the survey’s participants said they store sensitive information on their mobile devices – a potentially problematic figure given that 30 percent also admitted to leaving mobile devices unattended in their vehicles. Some 35 percent said they have clicked on an email link from an unknown sender. 

“The research results clearly show many security awareness and policy training programs lack the delivery periodicity, content and quality that could increase retention, thereby improving security decisions made by personnel and reducing risk in their organization,” report author David Monahan, research director at EMA, wrote in a summary of the study. “Company size, budgets and market vertical significantly impact the existence and maturity of the awareness training.”

While 48 percent of respondents reported their organizations measured the effectiveness of security awareness training, 18 percent said the training effectiveness was not measured and 34 percent said they didn’t know. The most common forms of training measurement were training completion (62 percent) and end-of-training testing (55 percent).

“While today’s organizations continue to harden their infrastructure to protect against the latest cyber threats, this report reveals that they too often fail to arm their employees with the critical information needed to avoid a data breach, prevent phishing, or report a possible security incident,” said Craig Kunitani, COO with Security Mentor, in a statement. “Every organization should make security awareness training part of its defense in depth strategy. Many of our customers report they’ve had great success in educating their staff using our security awareness training program because of our brief, interactive, and informative lessons.”
