New data published by Osterman Research, on behalf of KnowBe4, claims that cybersecurity training needs “significant” improvement amongst organizational staff in a number of sectors.
The organizations surveyed 1,000 “random” U.S. employees across multiple markets, focusing on cybersecurity training, as well as its effect on security and data privacy elements. Key takeaways of the “2021 State of Privacy and Security Awareness Report” included:
- Glaring employee lack of confidence in training, leading to “security fails.”
- 48 percent of staffers believing it is “likely” or “very likely” that their mobile device could become malware infected.
- 24 percent indicating that clicking or tapping on a suspicious link or attachment poses “little or no risk.”
- Employees in the government, healthcare and education sector having the “least understanding about various social engineering threats.”
- Strong link between frequency of training and perceived risk.
- Members of the finance industry most interested in cybersecurity training.
- Employee cybersecurity and data privacy training halted for many with COVID-19, with:
  - 23 percent having training stopped altogether with government lockdowns.
  - 22 percent seeing a temporary cessation.
  - 55 percent continuing such training throughout lockdown.
“A significant proportion of employees still need training about the problems associated with basic, risky behaviors,” the report noted, citing the statistic that “nearly one-third of employees still believe it is safe to plug into their computer a USB drive they received at a trade show … [and] forty-five percent believe that they have no need to take additional safeguards regarding cybersecurity because they don’t work in an IT department.”