Untrained Employees Pose Major Risk to Organizations Due to Uncertainty of Security Reporting

Staff Report

Thursday, September 29th, 2022

KnowBe4, provider of the world's largest security awareness training and simulated phishing platform, announced the release of a report from its research team that shows without training, 21% of the untrained global workforce did not know who to go to when faced with a threat.

The minutes that lapse between an employee seeing a potential security threat and the right person in an organization receiving the information can make the difference between warding off or leaving the door open to an intrusion. This makes ensuring employees know when to report a threat, and who to report to, a vital security step for organizations of all sizes.

In the study, annual security training reduced that percentage to 17%. But it is repetition that creates the most significant change – overall improvement on knowing who to go to doubled in those who completed monthly versus annual training.

The report includes an assessment of training frequencies across industries, with Education, Technology and Healthcare and Pharmaceuticals coming in lowest on monthly training, meanwhile, Hospitality and Transportation are leading at 28 and 20% respectively.

Across industries, the report shows that increasing the frequency at which employees complete security awareness training has an almost universal positive influence. Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organization at higher risk for mishandling a security incident.

According to KnowBe4 CEO Stu Sjouwerman, "Monthly training brings about an improved understanding of the terminology and knowledge about why the procedures are in place, as well as the correct channels for communication of threats. As the data demonstrates, ensuring that this vital information is communicated regularly is a necessary step in securing an organization of any size and contributes to creating a stronger security culture."