55% of Companies Don't Offer Mandatory Security Awareness Training

Even those that provide employee training do so sparingly, a new study finds.

Dark Reading Staff, Dark Reading

December 6, 2018

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Although most cyberattacks begin by compromising an end user, often via phishing messages, most organizations are not training their end users to recognize those attacks. A new survey found that just 45% of organizations provide employees mandatory, formal cybersecurity training; another 10% give optional training.

According to Mimecast, even those organizations that require formal security training only do so sparingly: Six percent conduct sessions monthly, 4% quarterly, and 9% only when onboarding a new employee. Emailed or printed lists of security tips are the most common format of education (33%). 

In addition, nearly one in four employees are not aware of common cyberthreats, such as phishing and ransomware, the study says. Sixty-nine perfect are using corporate devices for nonwork reasons (including news, personal email, social media); however, one in 10 employees are using business devices for personal use more than four hours per day. 

Organizations with security-unsavvy users are at particular risk during the holiday shopping season, as both attack activity and personal use of business devices increase. 

Read more details here

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights