Security awareness training needs to be interesting to be effective
A new survey of 1,000 US employees has found that boring security awareness training doesn't make them want to be secure.
Around 45 percent of employees surveyed expect to spend 15 minutes or more each month in training by mid-2021, up from 26 percent in 2020. The report shows that an increase in the amount and depth of this training results in employees who are better equipped to deal with a variety of security threats.
"Our research found that users who found training to be 'very interesting' were more than 13 times more likely to make fundamental changes in the way they think about security compared to those who found the training to be 'boring'," says Michael Osterman, researcher and president of Osterman Research.
Security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important, everyday employees, however, are much less convinced about its importance. Also senior IT and business management are much more enthusiastic about security awareness training than are non-management employees with 60 percent believing training is most effective at minimizing cyber risk.
"The reality is that nobody is immune from attacks." says MediaPRO chief strategist Lisa Plaggemier. "It only takes one click, which can happen in the blink of an eye, before you even realize what you've done. Think of how quickly we all move through our email on busy days. Add to that the stress of COVID. Simply put, human beings are fallible. It’s critical that organizations provide engaging employee training that drives home just how much information is available about all of us."
You can get the full report from the MediaPRO site.