As cyber threats become increasingly sophisticated, nearly 70 per cent of organisations worldwide report that their employees lack fundamental cybersecurity awareness, according to the 2024 Security Awareness and Training Global Research Report released by Fortinet. The findings underscore the critical need for businesses to invest in comprehensive training to mitigate risks, especially as cybercriminals leverage artificial intelligence (AI) to enhance the scale and complexity of their attacks.
John Maddison, Chief Marketing Officer at Fortinet, emphasised the growing importance of employee vigilance, noting that as threat actors use AI to improve their methods, organisations must prioritise cultivating a culture of cybersecurity. He highlighted Fortinet’s contributions to this effort through its Security Awareness and Training service, including a free version available for schools globally. Maddison stated: “As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees serve as a robust first line of defence. These findings reinforce the importance of our award-winning Security Awareness and Training service and its role in strengthening cyber resilience.”
The report reveals significant challenges for organisations as they navigate an evolving threat landscape. Many leaders expressed concern about their employees’ ability to recognise and respond to sophisticated threats, particularly those involving AI-powered phishing schemes. The percentage of leaders who believe their workforce lacks essential cybersecurity knowledge has grown to 70 per cent in 2024, compared to 56 per cent last year.
Despite these challenges, organisations have seen positive results when implementing security awareness programmes. Nearly 89 per cent of respondents reported that their security posture improved after adopting training initiatives. Leadership teams across industries are showing overwhelming support for these programmes, with 96 per cent of decision-makers advocating for their implementation.
The survey also highlights the characteristics that make such programmes effective. Leaders agreed that engaging content plays a pivotal role in the success of training initiatives, while concise and time-efficient formats help prevent training fatigue among employees. Most training sessions are designed to last between one and three hours, striking a balance between depth and accessibility.
Fortinet’s report underscores the need to go beyond technical training and build a robust culture of cybersecurity. This cultural shift involves empowering employees to become a strong first line of defence against evolving threats. The company’s Security Awareness and Training service is specifically designed to meet this challenge by offering customisable content, progress tracking tools, and features tailored to compliance and cyber insurance requirements.
With nearly all surveyed organisations acknowledging the critical role of employee awareness in strengthening cybersecurity, the message is clear: a well-trained workforce is indispensable in today’s digital landscape. Fortinet’s findings serve as a wake-up call for organisations to prioritise comprehensive, engaging, and consistent training efforts to ensure resilience against emerging threats.