Phishing attacks topped the list of concerns for decision makers with nearly 75 percent of executives citing phishing emails as the most significant threat, according to The State of Security Awareness Training report from CybeReady. 

The same group of executives regard training as a better way to deal with this threat. Additionally, approximately 60 percent of users receive training about less than once a quarter – meaning organizations aren’t being adequately trained even with current solutions, says the report. Another 29 percent receive security awareness training only two to three times per year. Only 39 percent receive training quarterly or more often. 

According to the report:

  • 75 percent of security decision makers are highly concerned with phishing attacks.
  • 58 percent of decision makers view awareness training as superior to technology solutions when dealing with phishing.
  • the most common approach to security awareness training is to test everyone using simulated phishing attacks (39 percent), followed by video training (33 percent), selective training for some employees (12 percent) and short meetings (11 percent). Only five percent of executives say they don't provide security awareness training. 

Decision Makers' Security Concerns

Security Concern Total
Phishing attacks 74%
Malware other than ransomware 68%
A data breach 68%
Ransomware attacks 67%
CEO Fraud/Business Email Compromise attacks 63%
Targeted attacks 61%
Zero-day exploits 57%
Malware infiltration through web traffic 57%
Account takeover attacks 53%
Malware infections that occur through web surfing 53%
Malvertising 42%
Spam 41%