But only 41 per cent have mandatory training for all workers: survey
Seventy-one per cent of employers experienced at least one cyberattack last year that impacted the organization in some way, including time and resources, out-of-pocket expenses, and paying ransom, according to a survey.
And 96 per cent of respondents said cybersecurity awareness training was at least somewhat effective in reducing incidents, found the Canadian Internet Registration Authority (CIRA).
But while 87 per cent of respondents indicated that their employer offered some form of training, only 41 per cent said the training was mandatory for all employees, found the survey of more than 500 individuals with responsibility over IT security decisions.
“While technical solutions are important, the best layer of security for any organization are cyber-aware employees. We are happy to see more organizations embracing cybersecurity awareness training as a critical element of their defence. However, there is more work to be done to ensure the quality and rigour of the training offered keeps pace with the ever-changing world of cybersecurity,” says Jacques Latour, chief security officer at CIRA in Ottawa.
The most common types of cybersecurity awareness training are:
- internal training material (54 per cent)
- lunch and learns or workshops (36 per cent)
- standalone computer-based training (35 per cent)
- third-party seminar-style training programs (32 per cent)
- standalone phishing simulations (21 per cent)
- integrated training, phishing and reporting platform (21 per cent).
The full report can be found at CIRA.