3 key factors to make your cybersecurity training a success

The digital economy continues to evolve at a rapid pace, bringing new technologies, such as AI to every individual and industry around the globe. While AI benefits our society in numerous ways – from transforming sectors such as healthcare and education – cybercriminals are rapidly taking advantage of these tools.

Threat actors are harnessing technologies, including AI, to augment the volume and velocity of their attacks, making it inevitable that enterprises will fall victim to a cyberattack. Nearly 90% of organizations experienced one or more cyber incidents last year.

While there is rarely a single cause of a cyber incident, security and IT leaders say that multiple factors increase the likelihood of a breach, including having an IT or security staff that lacks the right skills (58%), as well as a lack of employee security awareness (54%).

The World Economic Forum Strategic Cybersecurity Talent Framework, released earlier this year, sheds light on the challenge. It states:

“As a systemic risk, there is growing concern about the potential impact of the cybersecurity workforce deficit on national security, critical infrastructure and the overall resilience and security of economies and societies. Moreover, the proliferation of cutting-edge technologies – such as generative AI, quantum computing and internet of things (IoT) – introduces new risks, expanding the attack surface and, therefore, further amplifying the need for a cybersecurity workforce equipped with evolving know-how.”

Since most malicious efforts target users directly, cybersecurity training and awareness initiatives are vital parts of an effective risk management strategy.

Employees can serve as a strong line of defence against attacks but only when equipped with the proper knowledge.

According to a Fortinet report, more than 80% of organizations surveyed have existing security awareness training programmes.

Yet as technology quickly evolves and attackers advance their techniques, executives must consider key attributes when refreshing or creating a cybersecurity awareness training initiative.

A leading concern among executives is AI-driven attacks, with more than 60% of leaders expecting their employees to fall victim to attacks in which cybercriminals use AI.

Nearly all executives are already taking steps to combat potential attacks – 96% of those surveyed say their security teams are researching, implementing or already have incident response plans that focus on mitigating AI-related threats.

However, one of the primary ways threat actors use AI is to make phishing schemes harder to detect. Because phishing attempts target individual users directly, organizations must focus on teaching employees how to identify and avoid these attacks.

As a result, organizations are reevaluating their risk management strategies, including how cybersecurity education and awareness training must evolve as attackers embrace new technologies and tactics.

Most leaders say phishing prevention is part of their training programmes and plans. Other topics leaders prioritize include data security (48%) and privacy (41%).

While each organization takes a unique approach to cybersecurity education, one thing is clear: regular training and awareness are imperative to building a cyber-aware culture.

Fortinet research shows that 96% of executives believe more organization-wide training and awareness will help reduce cyberattacks. This awareness is undoubtedly crucial for enterprises but also benefits individuals in their personal lives.

When leaders support security awareness and training, organizations are more likely to see improvement after implementation. An overwhelming majority (89%) say their organization saw at least some improvement in its security posture after security awareness and training were implemented – and not a single respondent said they saw no progress.

Cyber awareness programmes – key factors

It’s encouraging to see cyber risk management becoming a corporate priority. As executives reevaluate an existing or develop a new cyber education initiative, key factors to consider can increase the programme’s chances of success.

Cybercriminals will continue evolving their methods, making security awareness and training efforts a foundational element of every organization’s risk management programme.

Beyond teaching individuals how to identify and respond to threats, awareness and training help create a broader culture of cybersecurity that benefits not just industry but individuals and society at large, today and in the future.