61% Of Employees Fail A Basic Cyber Security Test

Uploaded on 2021-04-20 in TECHNOLOGY--Resilience, JOBS-Training, FREE TO VIEW

Currently damages relating to cyber-crime are expected to reach $6 trillion in 2021  and now 90% of organisations are facing an increase in cyber attacks due to the pandemic.  With cyber attacks increasing dramatically after the pandemic, TalentLMS and Kenna Security teamed up to gauge employees’ awareness of cyber security risks.

Their analysis shows that the current methods of training are insufficient and not working wellAlmost 70% of employees polled in a new survey have had cyber security training, but over sixty percent failed a basic cyber test.

This was one of the leading findings of the  TalentLMS / Kenna Security survey, that sought to understand the cyber security habits of some 1,200 workers, as well as their knowledge of best practices and ability to recognise security threats.

  • Only 17% of those surveyed who work in information services passed the quiz, compared to 57% of health care employees. And yet, 93% of respondents working in information services reported receiving cybersecurity training, compared to 67% of healthcare respondents. 
  • 60% of employees who failed the cyber security quiz reported that they feel safe from threats. Incredibly, 74% of respondents who answered every single question incorrectly report feeling safe. 
  • Despite their largely inherent familiarity with technology, employees aged 18-24 collectively performed the worst on the quiz, with only 16% passing. Among age demographic groups, 25-to-34-year-olds tied with those aged 54 and over for the best collective performance, with a pass rate of 43%.

These results certainly serve to emphasise the importance of organisations using effective and proven training solutions and organisations should hold repetitive simulated phishing assessments and additional training throughout the year. 

Commenting on the survey results Hank Schless, at mobile security solutions firm  Lookout said, “Be sure to constantly run security training and include mobile in those sessions... Consider any text, email, WhatsApp message, or communication that creates a time-sensitive situation a red flag. Users should approach any suspicious messages with extreme caution, or go straight to their IT and security teams to have them examine it first.”

James McQuiggan, security awareness advocate at KnowBe4, said organisations should hold repetitive simulated phishing assessments and additional training throughout the year, in addition to computer-based training. “Make the training engaging [and] interactive and provide users with an emphasis on protecting their passwords, watching out for phishing links and what it takes to protect the organisation as much as the IT and infosec departments,” 

When asked what would make cyber security training more engaging, 52% of employees said they would like it to be presented in a simpler and less technical way, while 50% would like it to be more fun and gamified. Even though the training had a positive impact on some aspects of employees’ cybersecurity habits, such as protecting their computers and correct password management, they were not consistent across all areas.

It is vital that to be really effective, cyber security training programmes address all the potential vulnerabilities that could threaten the organisation.

TalentLMS:     SCMagazine:      Help Net Security:       Security Brief:     DevOpsOnline:    Image:Unsplash

 For a cost effective Report on your organisation’s cyber security and training requirements, please contact Cyber Security Intelligence and we will recommend the right economic cyber training and cyber audit for your organisation. 

You Might Also Read: 

Cyber Security Insights For Executives:

 

« Industry 5.0 Will Transform The Workplace
Cyber Threats & Nuclear Dangers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Inky Technology Corp

Inky Technology Corp

Inky® Phish Fence is an email protection gateway that uses sophisticated AI, machine learning and computer vision algorithms to block deep sea phishing attacks that get through every other system.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Crayonic

Crayonic

Crayonic digital identity technologies protect and guarantee the identity of people and things.

IAmI Authentications

IAmI Authentications

IAmI is a first in Tokenization Cloud-based IAM Security Services, delivering the most advanced form of Two-Factor Authentication.

ArcRan Information Technology

ArcRan Information Technology

ArcRan concentrates on developing comprehensive cybersecurity solutions for smart city applications. We believe that cybersecurity is the fundamental enabler of IoT development.

Salvador Technologies

Salvador Technologies

Salvador Technologies provides the world’s fastest technology to recover from cyber-attacks.

CyberEdBoard

CyberEdBoard

CyberEdBoard is a private, peer-to-peer education and networking community focused on cybersecurity, technology, business processes and risk management.

Secureframe

Secureframe

Companies from startups to enterprises use Secureframe to automate SOC 2 and ISO 27001 compliance, complete audits, and continuously monitor their security.

CERT.JE

CERT.JE

CERT.JE is responsible for promoting and improving the cyber resilience across the critical national infrastructure, business communities and citizens in Jersey.

Onyxia Cyber

Onyxia Cyber

Onyxia's unique dynamic cybersecurity platform identifies gaps and prioritizes recommendations for proactive cybersecurity strategy, performance, remediation and management.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

CUBE3 AI

CUBE3 AI

CUBE3.AI is a web3 security platform that provides real-time transaction protection for smart contracts, safeguarding against cyber exploits, fraud, and compliance risks.

eGeneration

eGeneration

eGeneration is one of the leading technology solutions and system integration companies in Bangladesh.

SiyanoAV

SiyanoAV

SiyanoAV's range of antivirus products delivers strong protection against various cyber threats, including malware, ransomware, phishing schemes, and beyond.

Archipelo

Archipelo

At Archipelo, we empower organizations with Developer Security - to increase software security and compliance throughout the development lifecycle.