Fortinet report exposes gap in employee cyber awareness

A new report by Fortinet reveals that nearly 70% of organisations believe their employees are lacking in fundamental security awareness.

Fortinet has released the 2024 edition of its Security Awareness and Training Global Research Report, highlighting the significance of a well-informed workforce in reducing organisational risk. The report stresses the increasing reliance on artificial intelligence (AI) by cyber attackers, making it more challenging for employees to recognise and thwart these threats.

John Maddison, Chief Marketing Officer at Fortinet, stated, "As threat actors harness new technologies like artificial intelligence (AI) to augment the sophistication of their attacks, it's increasingly crucial that employees serve as a robust first line of defence. Fortinet's new research underscores the importance of creating a culture of cybersecurity and the need to deploy organisation-wide security awareness and training."

"These findings reinforce the importance of our award-winning Security Awareness and Training service for enterprises, including the free educational version available at no cost to primary and secondary schools around the world, and its role in strengthening cyber resilience," Maddison said.

The report identifies a key gap in employee cybersecurity knowledge, with 70% of organisations recognising a lack of basic security awareness among their staff, a significant increase from 56% in 2023. This has prompted a greater emphasis on security training programs within companies.

Moreover, over 60% of the report's respondents predict a surge in the number of employees falling victim to AI-driven cyberattacks, although the awareness of these AI-augmented threats is encouraging more organisations to adopt comprehensive security training and awareness measures.

Phishing attacks, utilising AI to enhance sophistication, remain a prevalent threat that targets individual users directly. Organisations are focusing on training employees to identify and evade these phishing attempts. This approach is critical as more than 80% of businesses reported enduring attacks such as malware, phishing, and password breaches which specifically targeted individuals.

Nearly all surveyed organisations (96%) back leadership support for employee security awareness programs, underscoring the necessity and effectiveness of such initiatives. The report findings show that 98% of organisations incorporate phishing prevention into their training efforts, with data security (48%) and privacy (41%) being other priorities.

The efficacy of security training programs is often dependent on the quality of the content and the method of delivery, with 86% of decision-makers reporting satisfaction with their current training solutions. Yet, those less satisfied highlighted engaging content as a critical missing component.

It is also essential that training programs do not contribute to fatigue among participants, with the average suggested time commitment being roughly 2.0 hours, although some respondents noted that three hours could be acceptable in specific circumstances.

Fortinet's Security Awareness and Training service aims to build a cyber-aware workforce by providing structured and engaging content while offering tools to track progress and ensure compliance with cyber insurance and legal regulations.

The report surveyed over 1,850 professionals in executive and management roles across 29 countries, spanning various industries such as manufacturing, financial services, technology, and professional services.