Recently, TalentLMS partnered with Kenna Security to survey 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. Here are some of the staggering results that offer some explanation as to why cybercrime has grown into such a lucrative business:

• 69% of respondents have received cybersecurity training from their employers, and yet, when asked to take a basic quiz, 61% failed
• Only 17% of surveyed employees working in information services passed the quiz, compared to 57% of healthcare employees
• 59% of employees received cybersecurity training in response to the rise in remote work as a result of the COVID-19 pandemic
• 60% of employees who failed the cybersecurity quiz report that they feel safe from threats
• More employees store their passwords in plaintext than those that keep them in password managers
• Office employees report feeling safer from cybersecurity threats than remote ones, but have much worse security habits
• Experts offer advice on how to improve cybersecurity training initiatives for better results

These staggering results lead to the conclusion that simply having a cybersecurity training program in place isn’t enough. The majority of employees also report that their companies have implemented the correct fundamental safeguards that provide essential protection from cybersecurity threats:

• 66% require employees to use 2-factor authentication
• 67% have an established policy for reporting lost and stolen devices
• 75% enforce mandatory periodic password changes

Despite these numbers, it’s no secret that determined hackers are way ahead of the protections that companies have put into place, and there’s a lot of catching up to do. “These survey results show that while most of the employees surveyed show that their companies are moving in the right direction, there is a large number of companies that are not providing basic cybersecurity training (31%) or offering multi-factor authentication for their systems (between 18 – 34%). These gaps in basic cybersecurity hygiene are what attackers often exploit and are a good reminder we still have a lot of work to do," says Jerry Gamblin, Director of Security Research, Kenna Security.

Yaniv Bar-Dayan, CEO and co-founder at Vulcan Cyber, says, “We’ve been pretty good at identifying and prioritizing cyber security threats and vulnerabilities for decades, however, we still struggle to proactively coordinate remediation efforts to fix the problems we find. Identification is just a start and as this new research demonstrates, the cyber security industry has a lot of work to do. Our inability to get fix done is getting worse before it gets better particularly because the attack vectors continue to evolve while we struggle to secure the people, the processes, the supply chains and the technology being exploited. An orchestrated effort, led from the top of the business, is necessary to secure all the moving parts of our new, digital reality."

“The rapid shift over the past year to a remote work model has increased the workload across all IT staff. Even with IT staff well-versed in cloud services and supporting virtual workforce, they can no longer effectively leverage their expertise given the additional workload," says Brendan O’Connor, CEO and Co-Founder at AppOmni. "Organizations should consider a balanced approach to training their employees and investing in automation tools. Extensive training and around-the-clock manual monitoring are not necessary when the right automation tools can complement the IT staff as they build up their skillset.”