14 Nov 2018

KnowBe4, provider of the world’s largest security awareness training and simulated phishing platform, announced the results of an independent survey, which found that an overwhelming majority of corporations – 96% – say security awareness training improved their corporate security culture. Further, an 86% majority of respondents say the training lowers the overall risk posed by cyber security scams.

These are the findings of the KnowBe4 2018 Security Awareness Training Deployment and Trends Survey, an independent web-based survey that polled 1,100 organisations worldwide in September 2018. The study queried organisations on the leading security threats and challenges facing their firms as cybersecurity attacks increase and intensify.

Helping organisations in repelling hacks

“Social engineering – such as phishing scams – now ranks as the number one cause of network hacks, and email is usually the chief culprit,” said Stu Sjouwerman, CEO, KnowBe4. “Security breaches disrupt productivity and put organisations, their data assets, intellectual property, employees and customers in danger. The survey data showed that security awareness training helps organisations recognise and repel hacks in a majority of instances.”

The study also polled organisations on the initiatives they’re taking to combat growing, diversified and targeted cyber threats more proactively. The study found that 88% of respondents currently deploy security awareness training tools. The businesses report that security awareness training is an effective mechanism that has an immediate impact on minimising risk and positively changing employee culture.

Other top survey findings include:

  • Social engineering was the top cause of attacks, cited by 77% of respondents, followed by malware (44%), user error (27%), a combination of the above (19%) and password attacks (17%).
  • Some 84% of respondents said their organisations could quantify the decrease in successful social engineering attacks (e.g., phishing scams, malware, zero day, etc.) after deploying security awareness training to their end users, following just a few simulated exercises. This is based on 700 anecdotal responses obtained from the essay comments and first-person interviews.
  • On average, respondents reported that social engineering cyber hacks like phishing scams and malware declined significantly from a success rate of 40%-50% to zero to five percent after firms participated in several KnowBe4 security awareness training sessions.
  • Almost three-quarters – 71% of survey participants – indicate their organisations proactively conduct simulated phishing attacks on a monthly, quarterly or weekly basis.