This website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
This Website Uses Cookies By closing this message or continuing to use our site, you agree to our cookie policy. Learn MoreThis website requires certain cookies to work and uses other cookies to help you have the best experience. By visiting this website, certain cookies have already been set, which you may delete and block. By closing this message or continuing to use our site, you agree to the use of cookies. Visit our updated privacy and cookie policy to learn more.
“I really enjoyed our cybersecurity self-training today, and really plan to change my behavior as a result of it” said just about no one anywhere, ever. And yet, when the topic of the “human factor in cyber breaches” is discussed in any forum, recommendations always revert to the mean (and the cliche’): cybersecurity training. Driven by compliance requirements and the need to check that box, coupled with a sea of cyber awareness training companies armed with cherry-picked statistics about the efficacy of awareness training, the call for cybersecurity training has become so ubiquitous that it’s become a caricature of itself.
And yet the pace of successful attacks continues to accelerate, the cost of breaches increases, and employees continue to click on phishing emails. Does this mean we should stop conducting cyber awareness training? Of course not. It can’t hurt, and can certainly help. But the good guys only have to be wrong once, and the bad guys can flood an organization with thousands of phishing emails and need only one or two to be clicked on. No amount of security awareness training can stop them all.