Making security awareness training work

Most security experts would agree that the weakest link in the security chain is human. There is an increasing acknowledgement that all employees need to have some level of understanding of the part they can play in keeping an organisation's systems and data secure. Many organisations are providing security awareness training but there is real concern that this is simply not working. In fact, a recent survey by Axelos has found that professionals responsible for security awareness training were reporting that the training was largely ineffective. 1 All employees need to have some level of understanding of the part they can play in keeping the organisation's systems and data secure. However, a significant number of companies never carry out training to help employees spot email-based cyberattacks and many others do so only once, when the employee joins them. Although organisations often provide security awareness training, there is real concern that this is simply not working, explains Tracey Caldwell.