Your people are not as secure as you think
Summary
Independent research indicates a significant gap between businesses' perceived cybersecurity training efforts and employees' actual training received. While a majority of New Zealand businesses report conducting security training, a much smaller percentage of employees report having received it. This highlights a critical disconnect in security culture and education effectiveness.
IFF Assessment
This is bad news for defenders because it reveals a widespread weakness in organizational security due to a lack of effective employee cybersecurity education, creating a larger attack surface.
Defender Context
Defenders should prioritize robust and engaging employee training programs that go beyond mere compliance. Measuring the actual effectiveness of training, rather than just its delivery, is crucial for identifying and mitigating human-factor vulnerabilities. This includes fostering a security-aware culture where employees feel empowered to report suspicious activities.