Organisations May Fail to Prepare Employees for Cybersecurity Threats

A recent survey conducted on behalf of KnowBe4, the provider of the world’s largest security awareness training and simulated phishing platform, has found that of a thousand recently furloughed employees, 41% admitted that their company had never offered them a security awareness training course, while 14% have gone as far as to say that their employer has not taken security seriously enough.

While a quarter of organisations did implement added security measures such as multi-factor authentication in the last six months, much remains to be done, particularly when it comes to reinforcing the human firewall. Of those who did receive training, 29% of respondents conceded that it had been six months or more since the last training course. This is a concern, as 42% of respondents chose to sort through their emails quickly upon return to work in an effort to get back to business as usual, increasing the likelihood of an individual falling victim to a phishing attack.

In fact, a quarter of respondents admitted that they had received a phishing email in the last six months relating to COVID-19 or furlough. Within that same period, 12% acknowledged that they were aware of a security incident that had taken place in their organisation. Moreover, the study found that, on average, respondents received unexpected meeting notifications twice a week.

“Since the mass shift to remote working earlier this year, we have seen an undeniable amplification in cyberattacks. Although security measures are a fundamental aspect to safeguarding organisations from such malicious activity, the fact is that bad actors will be targeting your Achilles heel. That is, the people,” said Javvad Malik, security awareness advocate at KnowBe4. “Bad actors often look to leverage the fear and uncertainty of today’s circumstances to trick unsuspecting individuals. As such, it is pivotal that an organisation’s security strategy includes on-going security awareness training. This is especially true as cybercriminals innovate and adopt new methods such as employing phishing links disguised in meeting invites. As we saw recently with the collapse of the Australian hedge fund, Levitas Capital, the consequences can be devastating.”

Other key findings from the research carried out by Censuswide on behalf of KnowBe4:

  • 26% of respondents believe they have a better understanding of what secure remote working is as a result of company-provided security awareness training, while 34% attribute their understanding to their own research.
  • When it came to training provided by their employer, 26% of respondents undertook professional development, compared to 22% who received security awareness training.
  • Of the respondents whose organisation had implemented security measures, only 7% viewed them as a barrier to work. 40% of respondents recognise that the measures are necessary despite finding them annoying, and 59% shared that they felt reassured by the controls.
  • Upon return to work, 14% of respondents either deleted all their emails or ignored/archived them, while 10% had their emails managed by their employer or a colleague over the furlough period.
  • Only 7% of respondents received a security awareness refresher course upon return to work.

The full report is available here:

