"Security Awareness Training Goes Mainstream but Still Needs More Work"
According to a new survey of 1,900 security professionals conducted by ThriveDX, 97 percent of enterprises have implemented some form of cybersecurity awareness training this year. However, only 42 percent report involving their employees in security detection through the use of measures such as a Phishing Incident Button, while 65 percent agree that their training program needs to be expanded. According to Aaron Bostick, CISO, North America at ThriveDX, cybersecurity awareness is now in its adolescence, with almost universal agreement that regular training improves enterprise security in ways that technology alone cannot. These numbers also show that organizations still have a long way to go before they reach maturity and recognize that the only true way to mitigate modern cyber risks is to positively change employee behavior and build positive security cultures. Training is effective, with 19 percent reporting increased awareness, 14 percent reporting increased vigilance, 12 percent increasing their 'human firewall,' and 99 percent reporting increased corporate security. Of the surveyed security professionals, 96 percent also reported a positive impact on their company's overall working environment. However, respondents revealed that the most difficult parts of implementing awareness programs are gaining user acceptance, managing workload and resources, and program execution. This article continues to discuss key findings from ThriveDX's cybersecurity awareness training study.
BetaNews reports "Security Awareness Training Goes Mainstream but Still Needs More Work"