Some form of cybersecurity awareness training has been implemented in 97 percent of enterprises this year, according to a new survey of 1,900 security professionals from ThriveDX.

However, only 42 percent report involving their employees in security detection with the use of such measures as a Phishing Incident Button, while 65 percent agree that their training program needs expansion.

“These statistics tell us two things. The first is that cybersecurity awareness is now reaching its adolescence with almost universal agreement that regular training improves enterprise security in a way that technology alone cannot,” says Aaron Bostick, CISO, North America at ThriveDX. “Secondly, these numbers show us that we still have a long way to go to reach maturity and an understanding that the only true way to mitigate modern cyber risks is by positively changing employee behavior and building positive security cultures within our companies.”

Training clearly pays off, with 19 percent reporting better awareness; 14 percent greater vigilance; 12 percent saying they increased their ‘human firewall’ and 99 percent reporting an increase in corporate security. 96 percent also note a positive influence on their enterprise’s overall working atmosphere.

The biggest challenges to implementing awareness programs are cited as achieving user acceptance (25 percent), workload and resources (22 percent) and program execution (14 percent). The use of mission statements, policies, guidelines, metrics and systematic training is increasing too with 58 percent of respondents reporting some form of security awareness regulations now in place.

“This really validates the human-centric approach that we take towards security awareness,” Roy Zur, CEO of ThriveDX for Enterprise, says. “Involving employees, offering customized security awareness training, and gaining their commitment to security is the number one way to mitigate cyber risk.”

The full study is available from the ThriveDX site.

Image credit: tashatuvango/depositphotos.com