The ineffectiveness of security awareness programs and solutions for improvement

Many companies invest time and money in security awareness training for their employees, but this appears to have no effect on 74% of these employees. This is of course a major problem, as a well-trained employee is one of the most important lines of defense against cyber-attacks. In this article we describe why many security awareness training courses do not work and how to solve this.

The biggest reasons why security awareness training doesn't work

One of the biggest reasons why security awareness training doesn't work is a lack of management involvement. Many people think that management considers security awareness unimportant because management does not promote it and therefore does little with it. As a result, the training remains superficial, and employees are not really aware of the risks or how to deal with them.

Another reason is that the training is often offered only once. Once it is over, nothing more is done to keep training employees and remind them of the risks. As a result, the information is quickly forgotten and security lags behind.

Many training courses are also simply not relevant for employees. They are often outdated, too childish, too technical or not tailored to the specific situation of the company. As a result, employees quickly lose interest, get no useful information from the training and drop out.

In addition, there is often no follow-up after the training to see whether it was effective and whether adjustments need to be made. As a result, the ineffectiveness of the training goes unnoticed and no action is taken to improve the situation.

How can you make security awareness work

These are a number of reasons why security awareness training often does not work. Fortunately, there are also options to solve this. One of the most important solutions is to make the training more relevant. For example, instead of childish animations, you can show videos of situations with real actors, so that employees can identify with them. This makes them much more involved and they remember the information better.

Offer it regularly

Another solution is to offer the training regularly. Regular repetition ensures that the information sticks better and employees remain aware of the risks. As a result, they are better able to protect themselves and the company against cyber-attacks. It is also important to tailor the training to the specific situation of the company. This can be done, for example, by looking at which specific cyber risks the company faces and adjusting the training accordingly. As a result, employees are better prepared for the specific situation in which they find themselves.

Measure the effectiveness of the training

Finally, it is important to measure the effectiveness of the training and to make adjustments if necessary. This can be done, for example, by testing employees before and after the training on their knowledge of security risks or by measuring the number of security incidents within the company. This makes it possible to see where improvements can be made and action can be taken to improve the situation.

It turns out that many security awareness training courses are not effective, but fortunately there are ways to solve this. By making the training relevant, offering it regularly, tailoring it to the specific situation of the company and measuring its effectiveness, companies can ensure that their employees are better protected against cyber-attacks. It is therefore important that companies prioritize the effectiveness of their security awareness training.