Workers take about three months on average to reach “an acceptable level” when it comes to cybersecurity training, according to a report by Hornetsecurity.
Daniel Hofmann, chief executive officer at Hornetsecurity, warned that security awareness is critical to bolstering defences against cyber threats, with phishing posing “a growing risk”.
“The findings demonstrate that most employees can reach an acceptable level of security awareness after just three months of training.
“However, training must be continuous to ensure that employees are prepared against increasingly sophisticated attack methods,” he added.
Hornetsecurity’s Employee Security Index monitored and reported on employee practices to expose the scale of cybersecurity risk and the need for training, looking at 1.7 million simulated phishing attempts on some 140,000 workers at 350 businesses.
The study found that pausing cybersecurity training for just a month leads to firms falling short on cybersecurity practice, while a four-month hiatus can take organisations back to square one.
An employee’s score was calculated by the number of clicks he or she made in a simulated phishing email.
“For example, if an employee has a higher click-through rate on simulated phishing scams, the organisation is aware that this individual may be less prepared against attack methods – meaning more intensive training may be needed.”
Many organisations don’t yet provide training for workers on dealing with email threats. In addition, workers may too easily trust sources that appear authoritative, according to the vendor.
Hornetsecurity said it offered automated training on security awareness targeted to individual worker requirements as well as enabling comparisons of different groups of employees – as a standalone offering or as part of its 365 Total Protection software suite.
“The awareness engine tailors the level of training to different employees depending on their score,” the company said.