Employees' lack of basic cybersecurity awareness leads to risks for businesses

Wednesday, Oct 30, 2024 21:14

Companies should provide security awareness and training for all employees, technical cybersecurity skills for IT and security staff and advanced security solutions for the network. — Photo of Fortinet

Fortinet, the global cybersecurity leader driving the convergence of networking and security, has released its annual 2024 Security Awareness and Training Global Research Report, highlighting the crucial role a cyber-aware workforce plays in managing and mitigating organisational risk.

The report found that nearly 70 per cent of organisations say their employees lack fundamental cybersecurity awareness. The survey was conducted among more than 1,850 executive-level and management-level professionals from 29 different countries at organisations with security awareness and training.

Survey respondents came from a range of industries, including manufacturing, financial services and technology and professional services.

“As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees are a robust first line of defence,” said Chief Marketing Officer at Fortinet, John Maddison.

“Fortinet’s new research underscores the importance of creating a culture of cybersecurity and the need to deploy organisation-wide cyber awareness and training.

“These findings reinforce the significance of our award-winning Security Awareness Services offering for enterprises, as well as our free educational version available to school districts worldwide, in strengthening cyber resilience,” he said.

The report showed that as malicious actors use AI to increase the volume and velocity of their attacks, leaders believe these threats will be harder for their employees to spot. More than 60 per cent of respondents expect more employees to fall victim to attacks in which cybercriminals use AI.

However, the good news is that 80 per cent of respondents also say enterprise-wide knowledge of AI-augmented attacks has made their organisations more open to implementing security awareness and training.

Employees can be an organisation’s first line of defence, but leaders are increasingly worried that their employees lack security awareness. Nearly 70 per cent of those surveyed believe their employees lack critical cybersecurity knowledge, up from 56 per cent in 2023.

Leaders recognise the importance of security awareness training, but believe specific attributes make some training programs more effective than others.

Three-quarters of leaders say they plan their security awareness campaigns, delivering content monthly or quarterly. Executives also point to high-quality content playing a leading role in the success or failure of the programme.

One prominent way cybercriminals use AI is to make phishing schemes more believable and harder to detect. Because phishing targets individual users directly, organisations are heavily focused on teaching employees how to recognise and avoid falling victim to these attacks.

While security and IT teams are crucial to safeguarding organisations against cyberthreats, an enterprise’s employees also play an important role in preventing breaches.

Most organisations are motivated to introduce security awareness and training based on their experience of being breached or knowledge of threats in their industry or sector. Almost all decision-makers say their leadership team supports implementing training to raise employees’ cybersecurity awareness.

According to this year’s survey, 97 per cent of leaders think increased employee awareness would strengthen the organisation’s cybersecurity wall. Yet respondents also agree that there are key attributes of training programmes that are important for any protections to be effective. — VNS
