Two in three companies cite inadequate employee cyber awareness

cyber attack

A Fortinet survey reveals that 67 percent of organizations believe their employees are not sufficiently aware of cyber risks. Training and awareness appear to be essential to reducing security risks.

Fortinet published the annual Security Awareness & Training Global Research Report 2024.. This shows, among other things, that cybercriminals are increasingly using advanced technologies such as AI. Fortinet aims to highlight the need for effective security training with the report in particular.

Vulnerable target

AI makes phishing attacks harder to spot, prompting organizations to train their employees. 93 percent of organizations receive support from management to offer such training. This is also much needed, the report’s figures show.

More than eighty percent of the companies surveyed reported that their staff were victims of end-user targeted attacks, such as phishing and malware. Yet 67 percent of organizations lack basic knowledge among employees to recognize and prevent these attacks.

Positive impact of training

The survey also shows that 85 percent of organizations see improvements after implementing security awareness training. 45 percent of organizations offer quarterly training, while 26 percent do so monthly. Programs primarily focus on phishing prevention (82 percent), data security (42 percent) and privacy (37 percent).

Although employees are open to training, respondents stress the importance of engaging content. Overly long or uninteresting programs reduce effectiveness. On average, training sessions last three hours, although a shorter duration is often recommended to avoid overload.

Fortinet is using the study to tout its own Security Awareness & Training Service. With the increasing sophistication of cyber attacks, a combination of security awareness, technical training and advanced security technology is essential to protect organizations.