Yubico, a manufacturer of security keys headquartered in Silicon Valley, recently released the findings of a cybersecurity study they conducted earlier this year. They asked 20,000 people from 10 countries several questions concerning their personal experiences and training at work. One alarming fact stood out to me: When it comes to cybersecurity awareness training, 40% of employees say they have never received any kind of training from their employers! In this age of ubiquitous phishing and other social engineering-based hack attempts, that large number is shocking. Especially so as AI has jumped into the game to make phishing attempts SO much more difficult to detect.
Let’s dig more into the cybersecurity training shortfalls exposed by the study, and talk about solutions.
Personal Accounts Most Attacked
One revelation concerned attempted phishing attacks: 70% of those surveyed said they’ve been exposed to cyber-attacks in their personal lives within the past 12 months, while 50% had experienced such attacks at work. The most compromised accounts were all personal: social media, payment, banking and messaging apps, and online retailer accounts. This shows us that employer-provided training needs to be holistic and encompass employees’ habits outside of the workplace just as much as within. After all, a failure to secure personal accounts – particularly now that remote work and the use of personal devices for work are becoming more commonplace – can easily put workplace accounts at risk.
Uneven Training Standards
Another eye-opener from this study was that 41% of those surveyed said security measures and requirements differ based on role and title at their company. This, even though every employee in an organization is a potential target, and access by a bad actor to one employee at any level can expose all employees – and the organization as a whole – to financial and reputational damage.
The Importance of Security Culture
It is critical – and urgent – that a strong culture of security awareness be built through regular, universal and holistic employee training. While the expression “It takes a village” may seem cliché, it couldn’t be more apropos when it comes to cybersecurity. Not only does every employee, from CEO to part-time intern, need to receive training, but the atmosphere of your organization also needs to showcase the importance of secure practices and behavior as part of everyday workplace ethos.
It is clear: Only by fostering a strong culture of security awareness and ensuring consistent, holistic training for employees at every level can organizations better protect themselves against potential cyber-attacks and safeguard their financial and reputational integrity.