New research has found gaps in cybersecurity training
Canary Wharf, London, 22 March 2023 – New research by CybSafe, the behavioural science and data analytics company, found just 1 in 10 employees remember all their workplace security training. The data demonstrates that employees are forgetting infrequent training, raising questions about delivery methods and timing. 20% of respondents who received daily and weekly training remembered all of it. Whereas, only 9% of people who received training annually, quarterly, and monthly said the same.
The research asked 1000 US and UK office workers about their experiences with cyber security training. It found that only half of employees receive regular training courses. A quarter of respondents stated they never receive cyber security training.
Missed opportunities for engagement
According to workers, 79% said they are likely to act on security advice provided on the platforms they use daily, such as Slack and Teams. 90% of respondents thought security nudges on instant messaging platforms would be valuable.
New technologies, new risk
The survey also looked at the use of technologies implemented in the last few years. It found employees are more likely to share login details in applications like Slack (14%), rather than email (12%).
Dr Jason Nurse, Director of Science and research, said: “New forms of communication need new ways to lower security risk for people and businesses. Training needs to be delivered where people are. Interventions made in a timely, convenient way have a real impact.”
Changes in the tools we use to communicate have not been met with changes in security training. Despite the increasing use of applications like Slack and Teams, employees still receive training by web-based learning management systems. Around half (53%) of workers said they always engage with employers’ emailed security content. In contrast, 47% have received no training for instant messaging platforms, or employee communication applications. Even when employees have received training, engagement with content is limited further. Almost 1 in 5 (17.8%) of employees fail to remember or find the relevant cyber information.
Commenting on the research, Oz Alashe MBE, CEO Of CybSafe, said: “As behaviour changes and threats increase, so too must the tools we use to combat them. The way we communicate is changing. Cyber criminals are keeping one step ahead.
“People want to be part of the solution for their organisations. This research highlights that ineffective tick-box training with little thought of the time of day or the person receiving it, is not effective. The right message, at the right time, on the right platform makes a difference. Training should change when the way we work does.
“For years, cyber security has been focused on employees working around their organisation. It’s time organisations adapt and centre around their people.”
-ENDS-
Note to editor:
CybSafe has introduced ‘nudges’ to its product offering. Check out this video to gain insight into how these revolutionary interventions positively influence security behaviours.
A nudge is a prompt that has been specifically designed to influence a user’s security behaviour. In the past, security information has been sent over email. While this may at times be useful, sometimes it isn’t. People with busy, full jobs and lives can’t reasonably be expected to remember this content all of the time.
Nudges are timed to be received at the right time, in the right format, on the right platform to be effective. Through this method, interventions are more effective, producing a 60% success rate in positively influencing security behaviours.
To find out more about nudges, and access examples, check out the Nudge Toolkit. A resource that collates everything CybSafe has developed relating to nudge technology. This includes information and video content discussing the feature, research & the science behind Nudges, examples of the technology in action and what it means for the future of cyber security.
The Nudge Toolkit also includes the Nudge Taxonomy. This revolutionary new database uses science-based mechanisms to cut through cognitive biases and barriers to security behaviours, so organisations can get people to do what they need them to do.
About CybSafe
CybSafe is a behavioural science and data analytics company that builds software to help organisations manage human cyber risk. The CybSafe software platform tracks and measures security behaviour to improve security controls and awareness activities. It delivers instant, personalised support for users and enables security teams to reduce risk in changing environments. CybSafe is being used by over 350 organisations, in 15 countries and is accredited by NCSC and CIISec.
CybSafe delivers the annual PeepSec summit, an official London Tech Week event and the UK’s first event focused on the people, culture, and social aspects of cyber security.
For more information, please visit www.cybsafe.com
Press contact
Resonance – cybsafe@resonancecrowd.com