SecurityWeek

More Than Half of Enterprise Employees Receive No Security Training: Survey Finds

A new study by Enterprise Management Associates (EMA) indicates more than half of enterprise employees may not receive any security awareness training.

In a survey of 600 employees sponsored by security training firm Security Mentor, 56 percent of employees said they did not get security or policy awareness training from their organizations. This lack of training, the report argues, often results in policy violations and other risky behavior. For example, 33 percent said they use the same password for both work and personal devices. Fifty-nine percent of those surveyed said they store work information in the cloud, where enterprises sometimes do not have the same level of visibility or control over data.

In addition, 58 percent of the survey’s participants said they store sensitive information on their mobile devices – a potentially problematic figure given that 30 percent also admitted to leaving mobile devices unattended in their vehicles. Some 35 percent said they have clicked on an email link from an unknown sender. 

“The research results clearly show many security awareness and policy training programs lack the delivery periodicity, content and quality that could increase retention, thereby improving security decisions made by personnel and reducing risk in their organization,” report author David Monahan, research director at EMA, wrote in a summary of the study. “Company size, budgets and market vertical significantly impact the existence and maturity of the awareness training.”

While 48 percent of respondents reported their organizations measured the effectiveness of security awareness training, 18 percent said the training effectiveness was not measured and 34 percent said they didn’t know. The most common forms of training measurement were training completion (62 percent) and end-of-training testing (55 percent).

“While today’s organizations continue to harden their infrastructure to protect against the latest cyber threats, this report reveals that they too often fail to arm their employees with the critical information needed to avoid a data breach, prevent phishing, or report a possible security incident,” said Craig Kunitani, COO with Security Mentor, in a statement. “Every organization should make security awareness training part of its defense in depth strategy. Many of our customers report they’ve had great success in educating their staff using our security awareness training program because of our brief, interactive, and informative lessons.”
