Intelligent CISO Issue 75 | Page 22



A new survey by cybersecurity provider Hornetsecurity has uncovered significant gaps in IT security training, with a quarter (26%) of organisations still providing no form of training to their end-users.
The company issued the survey results at Infosecurity Europe 2024.
Despite the low engagement levels, 79% of organisations believe their IT security awareness training to be at least moderately effective in combating cyberthreats. However, nearly four in 10 (39%) reported that the training does not cover recent or AI-powered cyberthreats adequately. In a world where AI is expediting and increasing the scale of attacks, this is alarming.
The survey, which compiled feedback from industry professionals around the world, also reveals that fewer than one in 13 (8%) of organisations offer adaptive training that evolves based on the results of regular security tests. In a rapidly evolving cybersecurity landscape, where malicious threat actors are constantly devising new ways to infiltrate and harm, this is a significant business concern.
Engagement and effectiveness in training
People represent the frontline of every company’s cybersecurity strategy. The most popular type of cyberattack is phishing, which preys on a person’s trust. Employees must therefore be equipped with the skills, understanding and confidence to spot malicious behaviours.
Sadly, Hornetsecurity’s survey revealed that not only is there a significant gap in training, but training initiatives are seen to be ineffective. Nearly a third (31%) of respondents reported that their training was unengaging or only slightly engaging.
Daniel Blank, COO of Hornetsecurity, said: “Our latest research shows a clear disconnect between the perceived effectiveness of security training and its actual relevance and responsiveness to modern cyberthreats, especially the recent boom in AI-driven attacks. Employees must be equipped with on-going training to bolster any technical defences and serve as a human firewall. The on-going aspect is essential for the training to have the most impact. It’s important to invest in the latest cybersecurity technology, but a sustainable security culture means investing in people as well.”
Post-incident adaptations and reporting gaps
The survey found that one in four organisations had suffered a cybersecurity breach or incident – 23% of which had occurred in the last year. Notably, 94% of these organisations took steps to strengthen their security by implementing additional controls post-incident. Yet, despite these efforts, 52% of respondents noted that end-users often ignore or delete identified email