19 Security Awareness Statistics You Should Know Before Offering Training

Knowing what to focus on can be tough when planning what to cover in your organization’s cyber security awareness training. Hopefully, these security awareness statistics will help you identify “trouble” areas that you’ll want to cover with your employees.

Cyber awareness training is critical to helping secure your organization’s “human firewall” (i.e., your employees). Your employees’ ability to recognize cyber threats depends largely on their knowledge of common cyber attack methods and tactics. If they don’t know what to look out for, how can they protect your organization against these threats?

Cyber awareness training is part of the NIST Cybersecurity Framework (v1.1), where it falls under the Protect core function (PR.AT). It’s about educating your employees, partners, or other relevant parties (such as contractors) on cybersecurity-related threats, responsibilities, policies, and procedures. It’s also important in helping organizations comply with industry data security and privacy regulations.

Unfortunately, only 25% of organizations allocate “two or more hours” to formal training annually, research shows. And what makes matters worse is that employers are “punishing” and “disciplining” employees for real and simulated attacks even though they barely receive training. Not good.

This article will focus on 19 important security awareness statistics you should know before offering your next cyber awareness training event. The idea here is that you’ll know what areas to focus on and how your organization stacks up against others when training your employees. It’s time to improve your organization’s cybersecurity posture and drive home the importance of cyber security awareness with your employees (and other network users).

Let’s hash it out.

19 Security Awareness Statistics That Can Help You Tailor Your Training Offerings

When it comes to making your organization’s cyber defenses as secure as possible, there are steps you can take to make this happen. This includes hardening your technical defenses by implementing email server security best practices and carrying out regular cybersecurity risk assessments. But there’s more that you can do to take your security to the next level, and it involves training your employees to increase their awareness. (This is known as security awareness training or cyber awareness training.)

Here are 19 cyber security awareness statistics you should know when planning your organization’s next training session.

1. 82% of Data Breaches Are Tied to “Human Element” Related Security Weaknesses

Alright, first up on our list of security awareness statistics is data from Verizon. The communications giant’s 2022 Data Breach Investigations Report (DBIR) shows that eight in 10 data breaches involved human-related vulnerabilities. For example, this includes employees falling for phishing attacks, other social engineering tactics, and bad guys using stolen employee credentials. This is why we decided to make this No. 1 on our list of security awareness statistics.

So, how can you mitigate these vulnerabilities? One of the best ways is to arm your employees with the knowledge they need to recognize potential threats and know how to safely respond to them. This includes:

  • Providing real-world examples of phishing scam emails, text messages, and other examples of social engineering tactics.
  • Educating employees about what they should do when they receive or open suspicious messages.
  • Informing them about who they should report security-related issues and concerns to within your organization.
  • Helping them understand the processes for reporting these issues.
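When you walk employees through real phishing examples, it helps to be able to point at the concrete tells in a message. The script below is an added example (not code from the original article or from any vendor it cites) that a security team could run over a reported message to show where those tells are: a Reply-To that goes somewhere other than the sender’s domain, a look-alike sender domain, pressure language, and a link whose visible text names one host while the real destination is another. The sample message and the `acme.example` domain are constructed for this illustration; only the Python standard library is used.

```python
"""Scan an email for common phishing indicators.

Added example (not from the original article): an offline triage
script that shows employees *why* a reported message looks suspicious.
The sample message below is constructed; only the standard library is used.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: brand impersonation with a mismatched Reply-To, a
# display name that does not match the sender domain, and a link whose
# visible text differs from its real destination.
SAMPLE_EMAIL = """\
From: "Acme Payroll Support" <alerts@acme-payroll-notice.example>
Reply-To: recovery@mailbox-example.test
To: employee@acme.example
Subject: URGENT: verify your account within 24 hours
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your payroll account has been suspended. Confirm your password immediately.</p>
<p><a href="http://login.acme.example.suspicious-host.test/verify">https://payroll.acme.example/login</a></p>
</body></html>
"""

URGENCY_WORDS = ("urgent", "immediately", "suspended", "within 24 hours", "verify your")
HREF_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)


def registrable_domain(host: str) -> str:
    """Crude 'last two labels' approximation of the registrable domain
    (enough for this illustration; a real tool would use the Public Suffix List)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def domain_of_address(addr: str) -> str:
    """Domain part of an RFC 5322 address, ignoring any display name."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()


def phishing_indicators(raw: str, trusted_domain: str) -> list[str]:
    """Return human-readable indicators found in a raw RFC 822 message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    sender_domain = domain_of_address(msg.get("From", ""))
    reply_to = msg.get("Reply-To", "")

    # 1. Reply-To points somewhere other than the sender's domain.
    if reply_to and domain_of_address(reply_to) != sender_domain:
        findings.append(f"Reply-To domain {domain_of_address(reply_to)} differs from sender domain {sender_domain}")

    # 2. Sender domain resembles the trusted one (look-alike) but is not it.
    if sender_domain != trusted_domain and trusted_domain.split(".")[0] in sender_domain:
        findings.append(f"Sender domain {sender_domain} imitates {trusted_domain} but is not it")

    # 3. Urgency / pressure language in subject or body.
    body = msg.get_body(preferencelist=("html", "plain"))
    content = body.get_content() if body else ""
    text = (msg.get("Subject", "") + " " + content).lower()
    hits = [w for w in URGENCY_WORDS if w in text]
    if hits:
        findings.append("Pressure language: " + ", ".join(hits))

    # 4. Visible link text that names a different host than the real href.
    for href, label in HREF_RE.findall(content):
        real_host = urlparse(href).hostname or ""
        shown = re.sub(r"<[^>]+>", "", label).strip()
        shown_host = urlparse(shown if "://" in shown else "http://" + shown).hostname or ""
        if shown_host and registrable_domain(shown_host) != registrable_domain(real_host):
            findings.append(f"Link text shows {shown_host} but points to {real_host}")
    return findings


if __name__ == "__main__":
    for finding in phishing_indicators(SAMPLE_EMAIL, "acme.example"):
        print("-", finding)
```

Run as-is it lists four indicators for the constructed message; feeding it a plain internal message from the trusted domain yields none. The checks are deliberately simple heuristics meant for teaching, not a substitute for a mail gateway’s filtering.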

2. 13% of Ransomware Cyber Crime Targets Fall Within the Consumer/Retail Category

Data from Microsoft’s October 2021 Digital Defense Report shows that consumer and retail businesses are the leading target for ransomware-related cyber crimes. Their Detection and Response Team (DART) confirmed that the other two most targeted sectors were manufacturing/agriculture and insurance/financial, which tied at 12%.

3. 69% of Companies Are Increasing Their Investments in Their Cybersecurity Budgets

It seems that more companies are starting to put their money where their mouths are. PwC shares in its 2022 Global Digital Trust Insights report that nearly 70% of organizations expect to increase their cybersecurity budgets in 2022, and nearly a quarter of those expect these budgets to increase by at least 11%.

This research aligns relatively well with what Gartner expects: the research firm predicts that 66% of CIOs intend to increase their cybersecurity and information security investments this year.

4. 36% of Organizations Report Implementing At-Scale Cyber Security Awareness and SecOps Cross-Training

More than one-third of organizations report that they’ve implemented security awareness training and cross-training of security operations at scale, according to PwC’s global digital trust report. Another 16% report that they’ve already experienced benefits from doing so, and another 46% say they’ve already started implementing or plan to start implementing these training sessions in the future.

As far as at-scale implementations go, security awareness training and cross-training of security operations rank highest among the 3,602 respondents regarding how these organizations prioritize their cyber security budget investments.

5. 79% of Organizations Report Increasing Email Volume

Nearly 80% of organizations report that email usage is on the rise, Mimecast reports in its State of Email Security 2022 report. Along with this jump in email volume, Mimecast researchers also reported an increase in email-based threats over the past 12 months, 26% of which they classified as “significant” threats.

This shouldn’t come as a surprise considering that emails are one of the leading attack vectors in cybersecurity incidents and phishing attacks. This is why this item ranks so high on our list of security awareness statistics.

6. APWG Reports That Website Phishing Attacks Have Tripled Since Early 2020

Website phishing attacks are a huge problem, but to say the issue is alarming is a massive understatement. The Anti-Phishing Working Group (APWG) reports that phishing website detections reached an all-time high (316,747 in December 2021 alone) at the end of 2021. That’s a record-setting number for APWG’s reporting history.

7. Employees’ Understanding of Phishing Dropped 15% over 2021

Survey data from Proofpoint’s State of the Phish 2022 report shows that fewer people understand the term “phishing” than you’d think. Phishing is a term that’s both an attack method as well as a category of attack methods. It’s commonly used interchangeably with social engineering, which is a series of tactics that are used by cybercriminals to get targets to cough up sensitive information: their login credentials, employee or customer information, etc.

In some cases, some subcategories of phishing attacks (e.g., CEO fraud) may even be used to try to get you to make fraudulent wire transfers to accounts the attackers own.

Basically, it’s a way for bad guys to target your organization’s people instead of hacking their way through your cybersecurity technical defenses. (Why should they spend weeks or months trying to hack through your firewall when they can simply sweet-talk, trick, or coerce one of your employees into giving up their credentials?) So, knowing that employees are less likely now than they were last year to understand (and, potentially, recognize) phishing threats is a big deal.

8. Cyber Simulation Training Makes Employees 50% Less Susceptible to Phishing

A security awareness statistic graphic that shows people are 50% less susceptible to phish when they receive simulated phishing training.

Want some good news on this not-so-happy list of security awareness statistics? Simulated phishing training seems to have a notable impact on employees’ ability to withstand phishing attacks. Microsoft’s report that we mentioned moments ago shows that when employees receive simulated phishing training, they’re 50% less likely to fall for phishing.

9. 10% More Employees Recognize What Ransomware Is

Proofpoint’s State of the Phish 2022 survey data shows that while the “not sure” responses are about the same, 10% more survey respondents indicated that they’re aware of ransomware. That’s all well and good, but the bigger question is: do they know how to recognize this type of attack before it’s too late?

10. 88% of Businesses Experienced a Ransomware Attack

Alright, we’re more than halfway through our list of cyber awareness statistics. Let’s continue on with a not-so-fun stat from Veeam.

Nearly 9 in 10 organizations experienced at least one ransomware attack in the previous 12 months, according to Veeam’s 2022 Data Protection Trends in Small and Medium Business (SMB) study of 201 small and medium-sized businesses. However, what makes matters worse is that 44% of the respondents’ data was deemed unrecoverable due to the attacks. So, not only did these organizations face the direct costs associated with trying to stop the attacks, but they then also faced the resulting potential costs associated with:

  • Trying to recover their data,
  • Sustaining regulatory fines, and
  • Defending against lawsuits or providing settlements.

11. Germany Leads the Way with 85% of Employees Recognizing the Danger of Email Attachments

The cyber security awareness of Germany’s workforce outperforms all other Proofpoint State of the Phish 2022 survey respondents from different countries globally. Compare this security awareness statistic to the 42% of U.S. workers who have the misconception that if an email contains a familiar logo, it must mean that they’re safe.

Considering that another Proofpoint survey shows that 80% of businesses are breached via compromised third-party vendors, this security awareness statistic is particularly disturbing.

12. 15% of Organizations Report Cybersecurity Events as the Most Common Cause of Outages in 2021

While there are many causes of outages, cyber attacks seem the most common and impactful. Research from Veeam’s (a data backup service provider) 2022 Data Protection Trends Report lists “Cybersecurity Event” as the most common and impactful reason why outages occurred in 2021. This reason was followed closely by accidentally deleting, overwriting, or corrupting data and general network and infrastructure-related outages, both of which tied for second place with 14% each.

13. Organizations Rank CEO and Board Cyber Awareness Training a Top Factor for Improving Cybersecurity

Educating organizations’ leaders is the best way to help them better serve their cybersecurity goals of creating a safer digital society by 2030. This is according to PwC’s 2022 Global Digital Trust Insights report, which shows that survey respondents across four geographic regions (Africa, APAC, Eastern Europe, and Western Europe) view that as the top priority.

14. 88% of Board Members Saw Cyber-Based Threats as a “Significant Business Risk” in 2021

Gartner’s November 2021 research shows that nearly eight in 10 board members view cybersecurity issues as business risks. This definitely makes sense considering that cyber crime is on the rise and has been for the past several years. But what doesn’t make sense is that less than one-eighth of Boards of Directors (BoDs) have a dedicated cybersecurity committee that board members participate in or lead.

Needless to say, this is something we hope to see change the next time we write about this topic and update this list of security awareness statistics.

15. Compliance is the No. 1 Cost Factor Regarding Data Breaches

Cyber security awareness statistics graphic: Compliance is the #1 cost factor regarding data breaches. Data from Verizon.

IBM Security’s 2021 Cost of a Data Breach report shows that having high-level compliance failures costs organizations $2.3 million more than those with low levels. Translation: Organizations that emphasize and prioritize compliance are more likely to spend less on penalties, fines or lawsuits resulting from data breaches than their counterparts that don’t.

In a previous role, I worked at a state college. There, our president at the time hammered home the idea that every employee, whether you’re a janitor or a vice president, plays a role in helping students get to class in the best condition for learning. Virtually every presentation he made to staff and faculty included some variation of this message.

The same idea translates to your organization. Even if you’re someone whose job isn’t related to compliance directly, you still can have an indirect impact on your organization’s compliance. (Keeping up a human firewall helps you prevent sensitive data from being compromised.) Therefore, you should have at least a basic understanding of the compliance requirements and what they entail. Why? Because compliance is important and affects all our jobs in one way or another. Therefore, helping the company remain compliant is every employee’s responsibility.

Every step we take as employees, whether it’s accessing company systems or emailing information to a colleague, has a potential impact on the company’s compliance. If one employee falls for a phishing attack and their credentials get stolen, bad guys can use them to access any data or systems that employee has access to. This can result in a data breach and lead to non-compliance with various privacy regulations.

16. 62% of CrowdStrike Security Cloud Attacks in Q4 2021 Didn’t Involve Malware

CrowdStrike’s 2022 Global Threat Report shows that most attackers have moved beyond malware and are focused on malware-free attacks. This approach, known as Living Off the Land (LOTL) attacks, involves attackers using built-in tools and legitimate user credentials to avoid detection by traditional anti-malware and antivirus-related products.

17. 79.5% of Websites Use HTTPS as the Default Protocol

HTTPS, or the secure hypertext transfer protocol, is the data transmission protocol that makes the little padlock icon appear in your web browser when you visit your favorite websites. Basically, this protocol allows two parties to exchange secure, encrypted data. Data from W3Techs shows that nearly 80% of websites use this protocol by default.

During your cyber awareness training events, teach your employees the importance of visiting secure websites only. But if you really want to help them (and your organization), then teach them the importance of evaluating websites and looking for the site’s digital identity information in its SSL/TLS certificate. If they can’t verify the identity of the organization that owns the website, it’s best to leave the site immediately and never provide any sensitive information.
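The padlock alone only proves that the connection is encrypted and that whoever holds the certificate controls that domain name; it says nothing about which organization is behind it unless the certificate is organization-validated. The following is an added example (not code from the original article) that makes that distinction concrete. The two certificate records are constructed to mirror the dictionary shape Python’s `ssl.SSLSocket.getpeercert()` returns, so the same functions can be run over a live certificate; the hostnames, organization name and issuer names are placeholders for this illustration.

```python
"""What 'look for the site's identity in its certificate' means in practice.

Added example, not from the original article. The certificate records are
constructed in the shape returned by ssl.SSLSocket.getpeercert(), so no
network access is needed. It shows that a domain-validated (DV) certificate
carries no organization name (only domain control is proven), while an
organization-validated (OV/EV) certificate carries a verified organization.
"""
from datetime import datetime, timezone

# Constructed: a DV certificate for a look-alike host (no organizationName).
DV_LOOKALIKE_CERT = {
    "subject": ((("commonName", "login-acme-example.test"),),),
    "issuer": ((("organizationName", "Example DV Issuer"),),),
    "subjectAltName": (("DNS", "login-acme-example.test"),),
    "notAfter": "Jan 31 23:59:59 2030 GMT",
}

# Constructed: an OV certificate for the real site, with a wildcard SAN.
OV_REAL_CERT = {
    "subject": (
        (("countryName", "US"),),
        (("organizationName", "Acme Example Corp"),),
        (("commonName", "acme.example"),),
    ),
    "issuer": ((("organizationName", "Example OV Issuer"),),),
    "subjectAltName": (("DNS", "acme.example"), ("DNS", "*.acme.example")),
    "notAfter": "Jan 31 23:59:59 2030 GMT",
}


def subject_field(cert: dict, field: str):
    """Pull one attribute out of the nested subject tuple structure."""
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None


def san_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a wildcard covers exactly one leftmost label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern.startswith("*."):
        rest, parts = pattern[2:], hostname.split(".", 1)
        return len(parts) == 2 and parts[1] == rest
    return pattern == hostname


def identity_report(cert: dict, hostname: str) -> dict:
    """Summarize what the certificate does and does not tell a user."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    org = subject_field(cert, "organizationName")
    expires = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y %Z").replace(tzinfo=timezone.utc)
    return {
        "hostname_covered": any(san_matches(s, hostname) for s in sans),
        "organization": org,  # None means DV: only domain control was proven
        "validation_level": "OV/EV" if org else "DV",
        "expired": expires <= datetime.now(timezone.utc),
    }


if __name__ == "__main__":
    print(identity_report(OV_REAL_CERT, "www.acme.example"))
    print(identity_report(DV_LOOKALIKE_CERT, "login-acme-example.test"))
```

Note that the look-alike certificate passes every technical check (hostname covered, not expired) and still yields a padlock; what it cannot show is an organization name, which is exactly the field employees should be taught to look for before entering credentials.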

18. 52% of Workers Report Always Using a Virtual Private Network When Working Remotely

Here’s some good news followed by bad news: more than half of YouGov-polled workers report using a virtual private network (VPN) all the time when working remotely on a company device. Another 14% say they do so “sometimes.” But this means that everyone else either doesn’t use one at all or, if they do use one, they do so infrequently.

But why is using a virtual private network (VPN) a critical step when working outside your organization’s physical office? Because working elsewhere means that they’re relying on an external network that may (or may not) be secure. This leaves their accounts and your organization’s systems and data vulnerable to compromise.

For example, say that one of your employees is attending an industry conference across the country. After leaving the airport, they’ve got time to kill before checking into their hotel, so they stop off at a local coffee shop. When they turn on their device’s Wi-Fi, they spot “Café Complimentary Wi-Fi” and think, “jackpot!” So, they connect to it and spend a few precious hours getting work done.

But what they don’t realize is that it’s not the coffee shop’s network; rather, it’s an evil twin network (i.e., a wireless network that’s controlled by an attacker who can intercept your communications and steal or modify your data in transit). So, now, an unknown attacker has all of the login credentials your employee used throughout their connection. Any accounts that they logged into while connected to that network are compromised, and so are all of your affected systems.

19. 70% of Users Whose Credentials Were Exposed in Breaches Are Still Using the Same Passwords

Last but not least on our list of security awareness statistics: password reuse. The rule of thumb is that if you’re informed that your account has been compromised (i.e., your email address or username and password), you’ll want to update your credentials as soon as possible. This action aims to help prevent attackers from using your compromised credentials to access sensitive systems and data.

However, what’s face-palm worthy is that SpyCloud’s 2022 Annual Identity Exposure Report data shows that nearly three-quarters of people choose to reuse passwords that were exposed in breaches. This is like choosing to secure your house with a key you know your ex (husband, wife, significant other, etc.) still has a copy of: it’s just not a good idea and leaves you and your valuables at risk.
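Training helps, but the most reliable way to stop an exposed password from being reused is to reject it at the point where the user sets it. The following is an added example (not code from the original article or from SpyCloud) of the k-anonymity range-query pattern that breached-password lookup services use: the client hashes the candidate password with SHA-1, sends only the first five hex characters, receives every known suffix for that prefix, and matches the rest locally, so the full password (and even its full hash) never leaves the client. The breach corpus here is a constructed list so the example runs offline; in production the `range_query` side would be the lookup service.

```python
"""Reject breached passwords at password-change time without revealing them.

Added example, not from the original article. Implements the k-anonymity
range-query pattern (hash with SHA-1, share only a 5-hex-char prefix, match
the suffix locally) against a small constructed corpus so it runs offline.
"""
import hashlib
from collections import defaultdict

# Constructed breach corpus: plaintexts an attacker would already hold.
CONSTRUCTED_BREACH_DUMP = ["password", "Summer2021!", "letmein", "correcthorsebattery"]


def sha1_upper(password: str) -> str:
    """Uppercase hex SHA-1 of the password (the format range services index)."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_range_index(plaintexts):
    """Index as a range service would: 5-char prefix -> {35-char suffix: count}."""
    index = defaultdict(dict)
    for pw in plaintexts:
        digest = sha1_upper(pw)
        prefix, suffix = digest[:5], digest[5:]
        index[prefix][suffix] = index[prefix].get(suffix, 0) + 1
    return index


def range_query(index, prefix: str) -> dict:
    """Server side of the protocol: only the 5-char prefix is ever received."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be exactly 5 uppercase hex characters")
    return dict(index.get(prefix, {}))


def exposure_count(password: str, index) -> int:
    """Client side: split the hash, query by prefix, match the suffix locally."""
    digest = sha1_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    return range_query(index, prefix).get(suffix, 0)


def accept_new_password(password: str, index, min_length: int = 12) -> tuple:
    """Policy gate for a password-change flow: reject short or exposed passwords."""
    if len(password) < min_length:
        return False, "too short"
    if exposure_count(password, index) > 0:
        return False, "found in breach data; choose a password you have never used"
    return True, "ok"


if __name__ == "__main__":
    idx = build_range_index(CONSTRUCTED_BREACH_DUMP)
    for candidate in ("correcthorsebattery", "a passphrase nobody has leaked"):
        print(candidate, "->", accept_new_password(candidate, idx))
```

The design point worth teaching alongside the statistic: the service never learns which password was checked, and the client never downloads the whole corpus, so the check can sit in the password-change path with no privacy cost to the user.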

Final Thoughts on the Importance of Cyber Security Awareness

Now, we know some key cyber awareness statistics and why cyber security awareness training is so important. So, what can you do to help teach your employees how to be more “cyber aware” and harden your organization’s human defenses?

  • Integrate cyber awareness into your company culture. Help employees feel comfortable reporting suspicious emails and potential security incidents without fear of reprimand or reprisal.
  • Require employees to complete cyber awareness training. You’ll want to offer this training annually at the least. Ideally, you’ll do it more often, and be sure to provide it to all new employees as part of their onboarding.
  • Train employees in account security best practices. Help employees understand the importance of using unique passwords for every account. Password reuse is a dangerous approach that leaves their account, and your entire organization, at risk.
  • Provide real-world examples of phishing emails and websites. Looking at real examples of phishing emails and websites can help your employees better understand how to recognize potential threats.
  • Carry out regular phishing simulations. Sending fake phishing emails to your employees is a great way to test their cyber awareness and knowledge to see how they respond to potential phishing emails. This provides you with an opportunity to see how they apply what they learn in your training and to identify new or additional areas to address in future trainings.
  • Teach employees to use a VPN to remotely (and securely) connect to network resources. Connecting to insecure networks is among the most dangerous things employees can do. Bad guys can intercept their sensitive data, such as login credentials, in transit and use it to do a lot of damage. This is why it’s essential to teach employees to use a secure, encrypted connection when traveling, working from home, or accessing any company resources while away from the physical office.
  • Make email signatures part of your email security strategy. Require employees to digitally sign their emails and teach them how to verify digital signatures in emails they receive from others. Cryptographic digital signatures harness the power of public key infrastructure (PKI) to add verifiable identity to emails and help protect the integrity of the messages themselves.

Alright, that concludes our list of security awareness statistics. We hope you’ve found this list informative and useful. Be sure to check back with Hashed Out for other statistics-oriented content.
