Majority of Workers Lack Even Basic Cybersecurity Hygiene, Survey Says
Despite employees receiving cybersecurity training during the work-from-home shift, the survey found these initiatives have been insufficient.
Of the respondents who have received training, 61% answered fewer than four questions correctly. And out of all the respondents who answered all seven questions wrong, 80% reported having received training.
SAN FRANCISCO — A survey of 1,200 U.S. employees, conducted by the online training platform TalentLMS and the vulnerability management company Kenna Security, finds that employees are most knowledgeable in laptop security, while they are unaware of how to secure sensitive data and recognize harmful files.
The new report, based on results of the survey, sheds light on the effectiveness of cybersecurity training, and examines employees’ awareness, habits and knowledge related to staying safe in cyberspace.
While 59% of employees received cybersecurity training from their companies as a response to the COVID-19 work-from-home shift, the survey uncovered that these initiatives have been insufficient.
Among key findings:
- Having a cybersecurity training program in place isn’t enough to ensure cyber safety: 61% of employees who have received cybersecurity training failed a basic test
- Surprisingly, the highest fail rates were reported in the following two industries: Information services and data (83% of employees failed) and software (73% of employees failed)
- 74% of respondents who answered all seven test questions incorrectly said they feel safe from cybersecurity threats
- 33% of employees store their passwords in their browsers, even though that puts network security at risk
- Remote employees collectively feel less safe from threats (63%), than office employees (51%)
While the survey results show that training has a positive impact on some aspects of employees’ cybersecurity habits, such as protecting their computers and correct password management, these effects are not consistent across all areas. This brings to light some of the “blind spots” of cybersecurity training programs, which, if left unaddressed, create vulnerabilities that expose employees and their companies to cyber risks and attacks.
“Simply offering a cybersecurity training program does not guarantee a skilled or educated staff. Such programs are usually theoretical, full of technical terms, and, well, boring. Cybersecurity training should be fun, hands-on, and use real-life examples. And this is because staying safe and protected in cyberspace is a hands-on, practical skill,” says Victor Kritakis, CISO, TalentLMS.
When asked what would make cybersecurity training more engaging, 52% of employees said they would like it to be presented in a simpler and less technical way, while 50% would like it to be more fun and gamified.
To view the full report, go here.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!
Related Content
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Commercial Integrator + Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add to your bottom line.
A FREE subscription to the top resource for security and integration industry will prove to be invaluable.
