A cyber awareness training firm’s survey may offer insights on whether increased training frequency improves employees’ understanding of crisis management instructions.
In a survey of students/graduates of a firm’s global security awareness courses regarding their past year’s cyber awareness training frequency, data pointed to the trend that increasing the frequency of security awareness training improved respondents’ reactions to security breaches—by enhancing their understanding of security instructions.
Involving mostly students in North America (398,706) and relatively small sample populations in Asia (16,652), Oceania (15,330), Latin America (3,968), Africa (40,853) and Europe (50,946), the survey questions examined two aspects: the respondents’ perceptions of how clear their employer’s instructions in the event of a security incident were; and the amount of security awareness training respondents had received in the last 12 months.
All responses were compared against respondents with either no security awareness training or annual or quarterly or monthly training. The findings include:
- 84% of respondents’ understanding of their employers’ security instructions had been increased by security awareness training.
- Those who had received quarterly training gave clarity ratings that were 8% higher than those with no training. Those who had received monthly training gave clarity ratings that were 12% higher than those without training.
- 70% was the average clarity rating by respondents.
- In terms of security awareness training by industries, respondents in the Hospitality industry were noted as having the highest frequency of no security awareness training; the lowest perceived levels of clarity of instructions in the event of a security incident was found in Education industry respondents.
According to Kai Roer, Chief Research Officer, KnowBe4, which commissioned the survey, organizations looking to improve their communication efforts with employees regarding what to do in the event of a security breach should implement security awareness training more regularly: “Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organization at higher risk for mishandling a security incident.”