The technology is often 'one-size-fits-all' and seen as a checkbox option.
Organisations struggle to implement effective, scalable security awareness training (SAT) programs that reduce the human factor risk.
According to research from Abnormal AI, whilst most organisations surveyed (99 percent) suffered a security incident tied to human error in the past year, these programs apparently exist only to satisfy regulatory or insurance requirements, which results in stale content, minimal engagement, and a perception of training as “checkbox compliance.”
Unfortunately, the amount of time and effort required to run an effective SAT program was shown to be a major blocker preventing organisations from achieving success: 83 percent of respondents agreed that their current SAT tools require substantial effort to operate and maintain, with more than half (53 percent) agreeing that the effort required to run them outweighs their impact.
“When SAT content is one-size-fits-all and delivered against an annual or quarterly schedule to check a box, it can feel like a chore that employees are apt to tune out - and that opens the door to costly breaches,” said Mike Britton, CIO of Abnormal AI.
“Attackers’ most vulnerable targets are people, not systems, and reducing avoidable user actions - like clicking on a suspicious link - needs to be front and centre.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
