A report from KnowBe4 shows that 21% of the global workforce did not know who to go to when faced with a threat. KnowBe4 is a Clearwater based organization that provides security awareness training and a simulated phishing platform. The report also shows that increasing the frequency at which employees complete security awareness training has an almost universally positive influence.
Timing during a threat
The minutes that lapse between an employee seeing a potential security threat and the right person in an organization receiving the information can make the difference between warding off or leaving the door open to an intrusion. This makes ensuring employees know when to report a threat, and who to report to, a vital security step for organizations of all sizes.
In the study, annual security training reduced that percentage to 17%. But it is repetition that creates the most significant change–overall improvement on knowing who to go to doubled in those who completed monthly versus annual training.
Related: The Actual Working Hours of Americans at Different Income Levels
The report includes an assessment of training frequencies across industries, with Education, Technology and Healthcare and Pharmaceuticals coming in lowest on monthly training, meanwhile, Hospitality and Transportation are leading at 28 and 20% respectively.
Across industries, the report shows that increasing the frequency at which employees complete security awareness training has an almost universal positive influence. Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organization at higher risk for mishandling a security incident.
According to KnowBe4 CEO Stu Sjouwerman, “Monthly training brings about an improved understanding of the terminology and knowledge about why the procedures are in place, as well as the correct channels for communication of threats. As the data demonstrates, ensuring that this vital information is communicated regularly is a necessary step in securing an organization of any size and contributes to creating a stronger security culture.”