The Importance of Employee Training in Cybersecurity

While everyone raves about ChatGPT and how it has made their professional lives easier, consider this… ChatGPT and its cousins make it easier for folks with malicious intent to launch cyberattacks too. Cybersecurity Ventures estimates that in 2023 there will be about 147 cyberattacks per minute. They project that we will lose $10.5 trillion to cyberattacks by 2025.

Businesses believe they are cyber-secure with their state-of-the-art detection tools, cutting-edge security measures and automation. But these are not enough to make your organisation invulnerable. Cybercrime continues to proliferate, now fuelled by the power of AI. It’s not a question of “if we are attacked…”, but “when we are attacked…”.

Cybersecurity is no longer meant only for the IT personnel in your organisation, or just your techie colleagues. It has become one of those basic digital skills that each one of us needs to know about.

“Cybersecurity is a practice, not a product”, says Susanna Song, host of the podcast Cybersecurity Simplified. We couldn’t agree more!

You wouldn’t head out of your house leaving your front door ajar. How then is it ok for you to leave your digital doors unlocked?! Your wealth and personal finances, your organisation’s finances and intellectual property, and your customers’ private data are lucrative to cybercriminals.

But do you and your colleagues know where the cyber doors of your organisation are? Are they secure or open?

Cybersecurity training helps ensure that employees: 

  1. Become aware and capable of identifying some of the cyber-doors. They are thus protected from falling prey to phishing emails and other scams.
  2. Learn the importance of using strong passwords, protecting their personal information and not sharing information with unauthorised folks. With these practices, employees add an extra layer of security.
  3. Learn the distinction between normal and suspicious, and raise alerts sooner. Consequently, the org’s IT team can take immediate precautionary action, investigate further and handle the cyber threat, if any.

Ponemon Institute recently published a report based on a study of 1,003 organisations in 17 countries. They found that organisations struggle with:

  1. Having the necessary cybersecurity expertise in-house; and
  2. Building a cyber-secure culture throughout their organisation.

One effective way of combating this is via customised cybersecurity awareness training programs. 

Adults focus primarily on learning things that are relevant to their work and help them perform better. Learning for the sake of learning alone usually takes a back seat. A laundry list of all possible types of cyberattacks will not be effective. The cybersecurity training needs to be relevant to the specific needs of the business.

The Ponemon study evaluated the impact of formal cybersecurity training, ad-hoc programs, and no programs in organisations. It found that formal training which also included realistic scenarios and simulations was the most effective. It noted that about 60% of organisations use realistic simulations in their training programs today. Simulations were rated highly by learners, with an NPS of 9/10.

Organisations that provide regular cybersecurity training to employees are 60% less likely to experience a data breach. The ROI for cybersecurity programs that use realistic simulations increased from an average of 30 percent in 2020 to 40 percent in 2023.

Cyberattacks are constantly evolving. By the time a cybersecurity training module is prepared, cybercriminals will have come up with newer ways to exploit loopholes. When organisations become victims of cyberattacks, it affects them in multiple ways. It may result in one or more of these:

  • loss of business continuity
  • loss of reputation, which leads to dropped deals and lost customers
  • lawsuits
  • fines and penalties in cases of non-compliance

With so much at stake, it is better for organisations to invest in training their workforces and actively build a cybersecurity-aware culture at every level. Cybersecurity training should not be bucketed as a once-a-year mandatory training. The leadership must believe that employee training in cybersecurity is an ongoing process and invest in it accordingly. New employees need to be brought up to speed on current cybersecurity practices within the organisation. Periodic refresher training is needed for all employees. It is also necessary to evaluate the effectiveness of the training and plan appropriate interventions to fill gaps.

When employees feel empowered with the knowledge and tools to keep themselves and their organisation cyber-secure, it boosts their morale and helps them perform their roles better. Any business with happy, productive employees is one that grows!
