61% Of Employees Fail A Basic Cyber Security Test

Uploaded on 2021-04-20 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

Currently damages relating to cyber-crime are expected to reach $6 trillion in 2021  and now 90% of organisations are facing an increase in cyber attacks due to the pandemic.  With cyber attacks increasing dramatically after the pandemic, TalentLMS and Kenna Security teamed up to gauge employees’ awareness of cyber security risks.

Their analysis shows that the current methods of training are insufficient and not working wellAlmost 70% of employees polled in a new survey have had cyber security training, but over sixty percent failed a basic cyber test.

This was one of the leading findings of the  TalentLMS / Kenna Security survey, that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognise security threats.

  • Only 17% of those surveyed who work in information services passed the quiz, compared to 57% of health care employees. And yet, 93% of respondents working in information services reported receiving cybersecurity training, compared to 67% of healthcare respondents. 
  • 60% of employees who failed the cyber security quiz reported that they feel safe from threats. Incredibly, 74% of respondents who answered every single question incorrectly report feeling safe. 
  • Despite their largely inherent familiarity with technology, employees aged 18-24 collectively performed the worst on the quiz, with only 16% passing. Among age demographic groups, 25-to-34-year-olds tied with those aged 54 and over for the best collective performance, with a pass rate of 43%.

These results certainly serve to emphasise the importance of organisations using effective and proven training solutions and organisations should hold repetitive simulated phishing assessments and additional training throughout the year. 

Commenting on the survey results Hank Schless, at mobile security solutions firm  Lookout said, “Be sure to constantly run security training and include mobile in those sessions... Consider any text, email, WhatsApp message, or communication that creates a time-sensitive situation a red flag. Users should approach any suspicious messages with extreme caution, or go straight to their IT and security teams to have them examine it first.”

James McQuiggan, security awareness advocate at KnowBe4, said organisations should hold repetitive simulated phishing assessments and additional training throughout the year, in addition to computer-based training. “Make the training engaging [and] interactive and provide users with an emphasis on protecting their passwords, watching out for phishing links and what it takes to protect the organisation as much as the IT and infosec departments,” 

When asked what would make cyber security training more engaging, 52% of employees said they would like it to be presented in a simpler and less technical way, while 50% would like it to be more fun and gamified. Even though the training had a positive impact on some aspects of employees’ cybersecurity habits, such as protecting their computers and correct password management, they were not consistent across all areas.

It is vital that to be really effective, cyber security training programmes address all the potential vulnerabilities that could threaten the organisation.

TalentLMS:     SCMagazine:      Help Net Security:       Security Brief:     DevOpsOnline:    Image:Unsplash

 For a cost effective Report on your organisation’s cyber security and training requirements, please contact Cyber Security Intelligence and we will recommend the right economic cyber training and cyber audit for your organisation. 

You Might Also Read: 

Cyber Security Insights For Executives:

 

« Industry 5.0 Will Transform The Workplace
Cyber Threats & Nuclear Dangers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CIRCL

CIRCL

CIRCL is the national Computer Incident Response Center of Luxembourg

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

Kent Interdisciplinary Research Centre in Cyber Security (KirCCS) - University of Kent

KirCCS harnesses expertise across Kent University to address current and potential cyber security challenges.

Perspective Risk

Perspective Risk

Perspective Risk provides penetration testing, security assessments, risk management & compliance solutions, InfoSec training and consultancy services.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

Viscount Systems

Viscount Systems

Viscount Systems is a global security software solutions company that is changing the way access control is deployed and managed in the enterprise.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Dual Layer IT Solutions

Dual Layer IT Solutions

Dual Layer offer a full range of IT Services and Solutions for businesses from IT infrastructure design to cloud/hosted solutions, cybersecurity, disaster recovery and IT training.

Yelbridges

Yelbridges

Yelbridges offer high quality IT security & risk management services to mitigate business risks.

Depth Security

Depth Security

Depth Security assessment services provide organizations with real-world visibility into threats facing their infrastructure and applications.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV)

Inflection Point Ventures (IPV) is a 6000+ members angel investing firm which supports new-age entrepreneurs by connecting them with a diverse group of investors.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Sequentur

Sequentur

Sequentur is an award-winning Managed IT Services company. We are SOC 2 certified and provide Managed IT Services and Cybersecurity services to businesses nationwide.

CESAR

CESAR

CESAR is one of the premier R+D and innovation centers in Brazil and a designated Cybersecurity Competence Center.

AVIANET

AVIANET

AVIANET's goal is to empower enterprises and corporations worldwide and manage their digital transformation journey with confidence.

Open Cybersecurity Alliance (OCA)

Open Cybersecurity Alliance (OCA)

OCA is building an open ecosystems where cybersecurity products interoperate without the need for customized integrations. We're making standards-based interoperable cybersecurity a reality.