How Often Should Businesses Run Cybersecurity Awareness Training? - Tecbound Technology

Every industry is at risk for a cybersecurity disaster caused by mishandled email. An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. To mitigate that risk, companies must increase their commitment to cybersecurity awareness training that includes phishing resistance, a proven winner in the fight against cybercrime. Unfortunately, 62% of businesses don’t do enough cybersecurity awareness training.

In a UK study of companies running phishing simulations, researchers discovered that 40% to 60% of their employees are likely to open malicious links or attachments. However, the study also showed that consistent cybersecurity awareness training made a huge difference in how those employees handled email. In follow-up testing, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25%. Further training produced a steeper drop. After 3 to 6 months more training, the percentage of employees who opened phishing messages dropped to only 10% to 18%.

But just running a few training courses for your staffers isn’t enough to foster strong cybersecurity awareness. Running training courses regularly is vital to gaining and keeping awareness. In a report from consulting giant Accenture detailing the characteristics of a cyber resilient organization, researchers place the ideal number of training courses for employees each year at 11, or just a little under one per month. This prevents courses from becoming rote but still keeps the topic fresh in employees’ minds.

Why so frequently? USENIX found that the knowledge and savvy that employees gain from security and phishing awareness training is forgotten over time. In a study of cybersecurity awareness training retention, test subjects went through a single training course. Researchers then tested their retention four, six, eight, ten and 12 months later. The findings showed that the longer the test subjects went from the original training date, the worse their memory was of what they’d learned. The sweet spot for retention was at four months. Once the test subjects passed that mark, their retention dropped dramatically until their performance at ten months was the same as it was when they started the study.

Don’t wait to protect your business and your clients from phishing. Implement a security awareness training program with BullPhish ID that’s both effective and cost-effective now. The newly refreshed BullPhish ID is bursting with features that make training easy for trainers and trainees, including a convenient training portal that can be quickly personalized. Plus, trainers can choose from more than 100 premade plug-and-play phishing simulations in 7 languages, or fully customize content in a flash to reflect the actual threats that employees face every day.

The training tools that you need to reduce the risk of phishing damaging your business are available now in the new BullPhish ID at an excellent value. Contact our solutions experts today to get started.  

Source: ID Agent.