Abstract
A key element in employees’ ability to take secure action when faced with potential security threats is knowing who within their organization they should communicate the threat to. In this report we examine the number of employees who know who to go to within their organization in the event of a security incident by how often they complete security awareness training. Employees from 17 industries across 7 global regions were asked whether they knew who to go to in the event of a security incident. The comparison examined responses from those who completed no security awareness training, annual training, quarterly training, and monthly training.
The results showed that for those who had completed no security awareness training in the previous 12 months, 21% did not know who to go to within their organization. For those who had completed annual training, this number reduced to 17%. Of those who completed quarterly training, the number further reduced to 15%, and of those who completed monthly security awareness training this further reduced to 12%. These results evidence that regular training is vital for employees to maintain knowledge about basic elements of security policy. Organizations looking to improve their security based communication should consider increasing the frequency of employees’ security awareness training. Industry differences are discussed.
Executive Summary
It is imperative that organizations are able to respond quickly and effectively in the event of cyber security incidents. A vital part of that process is that employees know who to contact in the event of a security incident. This report demonstrates that the more regularly training is completed by employees, the more of them will know who to contact in such an event. Over a fifth of employees who had completed no security awareness training in the previous 12 months did not know who to contact within their organization should a security threat occur. Global analysis of those who had completed monthly training found an increase in knowing who to go to in 62% of global employees. Further, the overall improvement for knowing who to go to doubled in those who completed monthly over annual training.