
Volume 322, Issue 1 · IT News · Security

Combatting The Security Awareness Training Engagement Gap

Security Boulevard, Wednesday, January 1st, 2025

Despite years of security awareness training, close to half of businesses say their employees wouldn't know what to do if they received a phishing email.

According to a US government-backed study, one of the main reasons for the lack of impact of cyber security training is 'waning engagement and growing indifference.'

Why are traditional security awareness training programs ineffective, and what can organizations do to turn the tide?

Phishing Simulations Can Leave a Bad Taste for Employees

Crafting effective phishing awareness training takes sensitivity, both so that employees don't feel tricked or put under the spotlight and so that the content itself doesn't cause offense. A recent example of a phishing simulation gone wrong happened at UC Santa Cruz, where Information Security personnel sent a phishing simulation that claimed a case of the deadly Ebola virus had been found on campus. Stakeholders at the university called the simulation 'irresponsible and in poor taste.'
