A recent survey of more than 600 respondents at organizations ranging from fewer than 100 employees to more than 10,000 has found that more than 56 percent of employees (excluding security and IT staff) have not been provided with security awareness training (h/t Softpedia).
The study, entitled Security Awareness Training: It’s Not Just for Compliance, was conducted by Enterprise Management Associates (EMA).
The issue was more prevalent in small to medium-sized businesses (SMBs). Seventy-two percent of untrained survey respondents worked at SMBs with fewer than 1,000 employees, and 44 percent worked at SMBs with fewer than 100 employees.
Among companies that do provide training, 48 percent said their organizations measure the effectiveness of the training, 18 percent said effectiveness isn’t measured, and 34 percent didn’t know.
“Many SMBs may mistakenly think their small size keeps them below attackers’ radar, but in doing so leave themselves exposed to various types of employee focused attacks which could cost them everything,” the report states. “The potential cost of employees making poor security choices due to lack of awareness and understanding may go unrecognized until it becomes an actual cost of breach reparations.”