KnowBe4: Increased Frequency of Security Awareness Training Improves Prevention of Security Breaches

KnowBe4, a provider of security awareness training and simulated phishing platform, has announced a new KnowBe4 Research report, which finds that increasing the frequency of security awareness training improves reactions to security breaches by enhancing the understanding of security instructions.

In this report, KnowBe4 examined how clearly security instructions are understood by employees relative to the amount of security awareness training they have taken in the last 12 months. Responses were analyzed and compared based on those who completed no security awareness training, annual training, quarterly traifining and monthly training. Data from over 526,000 people worldwide in a variety of industries was included.

Highlights from the findings include:

  • In 84% of cases, security awareness training increased employees’ understanding of security instructions.
  • The average clarity rating by respondents was 70 out of 100; however, the clarity varied greatly depending on how much security awareness training had been completed in the last 12 months.
  • When analyzing specific industries, Hospitality was noted as having the highest frequency of no security awareness training and Education rated the clarity of instructions in the event of a security incident lowest of all industries examined.

“The correlation between more frequent security awareness training and being better prepared on the specifics of how to deal with a security incident is made clear based on the findings of this report,” said Kai Roer, chief research officer, KnowBe4. “For organizations looking to improve their communication efforts with employees regarding what to do in the event of a security breach, leaders should implement security awareness training on a monthly or at least quarterly basis. Without the benefits obtained by frequent training, employees are left to decipher security instructions on their own, lacking proper guidance and ultimately putting the organization at higher risk for mishandling a security incident.”