Research has been conflicted with regards to how often security awareness training needs to be undertaken in order to effectively implement changes in behaviors and knowledge (Stewart et al, 2012; Pattinson et al, 2017, Gundu er al, 2019). In this report we examine how clearly security instructions are understood by employees relative to the amount of security awareness training they have taken in the last 12 months. The comparison examined responses from those who completed no security awareness training, annual training, quarterly training, and monthly training. Data pre-processing revealed that no organizations implemented annual training. Statistical analysis for the remaining frequencies revealed an 84% correlation between training frequency and rating of instructions. Further examination revealed this increase occurred both between no training and quarterly training, as well as quarterly training and monthly training consistently across all industry types. Those with increased frequencies of training had a clearer understanding of instructions from their organization in the event of a security incident. Organizations looking to improve their security based communication should consider increasing the frequency of employees’ security awareness training.
Executive Summary
Having security policies in place is an essential part of maintaining a good and strong security culture, however a policy is only effective if the employees are able to understand its instructions. This report examined how clear employees felt instructions were from their organizations with regards to what to do in the event of a security incident. The average clarity rating was 70/100, however a closer look at the data revealed that the clarity rating varied greatly depending on how much security awareness training had been completed in the last 12 months. Those who had received training on a quarterly basis gave an average clarity rating that was 8% higher than those who had completed no training. This number increased to 12% for those who completed monthly training. In 84% of cases, security awareness training increased employees’ understanding of security instructions.