21st century cyber awareness for a 21st century threat

21st century cyber awareness for a 21st century threat

The success of cyber security awareness learning in organizations today is, typically judged by the ‘ticking of a box’ to say it’s been done.

But have organizations – and their managers responsible for information security awareness learning – really stopped to ask whether the programmes their people do are giving them the practical advice and skills to display the behaviours and actions required to manage effectively the cyber risks we face? After all, the organization’s reputation, competitive advantage and the confidence of its customers depends on that.

Nick WildingAt present, many workplaces rely on annual, cyber awareness e-learning. In fact, the research we conducted recently with Ipsos MORI showed that 82% of organizations are using traditional, computer-based training and e-learning. And, as reported in a previous blog post, our survey showed that less than a third of them (28%) believe their cyber security awareness learning is “very effective” at changing staff behaviour, with only 32% “very confident” that the learning is relevant to staff.

I would contest that this type of learning leads to an inescapable conclusion: it’s designed once for people who do it once and, ultimately, forget it at once. It’s a paradox: why is the training currently deployed to combat cyber crime – one of the emerging crimes of our century – not fit for the job?

In this vital area of staff training and development, one size doesn’t fit all and traditional techniques are unlikely to instil the cyber resilient behaviours that employees need today. Instead, there needs to be a range of learning techniques that truly engage all our people, embedding and sustaining the resilient behaviours required to more effectively protect an organization’s most sensitive and valuable information and systems.

According to our research, fewer than a third of organizations are using new and proven learning techniques such as simulations, animations and games. We should be hailing these workplaces as trailblazers, tapping into learning methods that give their staff the skills and confidence to take the right decisions at the right time.

This has to be the way forward. With only 46% of organizations giving their people information security training that goes beyond induction and once-a-year e-learning, that leaves a lot of workplaces with a worrying level of cyber vulnerability among their staff.

Directors and managers responsible for security awareness learning and training must review its value with some urgency and decide what needs to change. AXELOS has produced a new, downloadable guide to help organizations do this. It includes guidance on what topics should be covered in cyber security awareness learning, along with recommending essential steps to improving organizational cyber resilience.

While people remain the greatest vulnerability for most organisation, they can also offer the greatest opportunity to make organizations more cyber resilient. With the right learning styles and delivery techniques, the human factor can provide your most effective defence to the growing cyber risks all organizations face.

Download our cyber resilience guide, Are your people playing an effective role in your cyber resilience? (PDF, 165KB).

See our RESILIA™ section for more information about cyber resilience.

Read more AXELOS Blog Posts from Nick Wilding

Did you know you were a whale?

Cyber resilience: How important is your reputation? How effective are your people?

A cyber resilience Q&A with Karoliina Ainge, head of Estonian cyber security policy - Part 2

A cyber resilience Q&A with Karoliina Ainge, head of Estonian cyber security policy - Part 1

Cyber Resilience: it’s all about behaviours - Digital Leaders Conference presentation

Cyber Resilience: it’s all about behaviour, not bits and bytes

Cyber Resilience: We need to TalkTalk

Cyber Resilience: developing a new language for all

Looking for Business Leaders in the Cyber Resilience Race

Current rating: 3 (1 ratings)

Comments

There are no comments posted.
You must log in to post a comment. Log in

Cyber resilience report results

Download the report results

Cyber resilience infographic

Cyber resilience: Are your prople your most effective defence? - infographic

See the key points and statistics from our cyber security awarensess research.

Download the infographic

Cyber resilience and your employees

Awareness Learning Guide

Download our updated guide to help your organization ask the right questions and start your journey to improved cyber awareness.

Download our guide