Organisations are completely disconnected from reality when it comes to teaching their employees cyber-security, leaving huge gaps in their virtual defences.
Those are the findings of new research by AXELOS, which says the current methods are outdated and the knowledge shared through them is quickly forgotten.
According to the research, 82 per cent of companies are using traditional learning methods, which include computer-based training and e-learning, while less than a third use some of the newer techniques, like simulations, animations or games.
Less than half of companies (46 per cent) go beyond the annual e-learning refresher courses, and that’s an issue.
“Organisations are still trusting in their annual, cyber awareness e-learning,” said Nick Wilding, head of cyber resilience best practice at AXELOS. “To expect this approach to influence resilient behaviours is unrealistic. Typically, this one-off course – required once, designed once, delivered once and completed once – is also forgotten at once.”
“It risks leaving staff ill-prepared and unaware of the practical things they can do more effectively to manage the daily risks they face. We need a new approach: just as technical controls will evolve and adapt in response to changing threats and vulnerabilities so we need to ensure all our people receive practical and engaging advice and refresher learning on a regular basis throughout the year.”
Even though basically every senior manager (99 per cent) believes training is essential to minimising security risks, less than half (47 per cent) are modifying the training in relation to what the employees are doing.