
6 Reasons Security Awareness Programs Go Wrong

While plenty of progress has been made on the training front, there's still some work ahead in getting the word out and doing so effectively.
1. Security Pros Get Too Technical with Top Management
2. Companies Don't Spend Enough Time Training Execs With Financial Responsibilities
3. Managers Across the Business Aren't Encouraged to Participate
4. Companies Don't Recruit Natural Leaders
5. Companies Don’t Sell the Personal Benefits of Security Awareness Programs
6. Companies Don't Plan Properly or Test Thoroughly Enough

Good news on the security awareness training front: Wombat Security reports that 95% of companies it surveyed now train end users on how to identify and avoid phishing attacks, up from 86% in 2014.

Even more good news: The training also has had an impact. Roughly 54% of security pros said they have been able to quantify reductions in phishing susceptibility based on training activities, according to Wombat's "2018 State of the Phish" report.

"There's been an increase in interest over the past year," says Gretel Egan, brand communications manager for Wombat Security, which is a division of Proofpoint. "A few years ago many scoffed at the idea of security awareness training, but now they realize that it can only benefit their company."

Yet there's still some work ahead in getting the word out and doing so effectively. That means understanding where companies go wrong with their security awareness training – and how to correct it.

 