70% of Organizations Say Their Employees Lack Fundamental Security Awareness

As cyber threats become increasingly sophisticated, nearly 70% of organizations worldwide report that their employees lack fundamental cybersecurity awareness, according to the 2024 Security Awareness and Training Global Research Report released by Fortinet. The findings underscore the critical need for businesses to invest in comprehensive training to mitigate risks, especially as cybercriminals leverage artificial intelligence (AI) to enhance the scale and complexity of their attacks.

John Maddison, Chief Marketing Officer at Fortinet, emphasized the growing importance of employee vigilance, noting that as threat actors use AI to improve their methods, organizations must prioritize cultivating a culture of cybersecurity. He highlighted Fortinet’s contributions to this effort through its Security Awareness and Training service, including a free version available for schools globally. Maddison stated: “As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees serve as a robust first line of defence. These findings reinforce the importance of our award-winning Security Awareness and Training service and its role in strengthening cyber resilience.”

The report reveals significant challenges for organizations as they navigate an evolving threat landscape. Many leaders expressed concern about their employees’ ability to recognize and respond to sophisticated threats, particularly those involving AI-powered phishing schemes. The percentage of leaders who believe their workforce lacks essential cybersecurity knowledge has grown to 70% in 2024, compared to 56% last year.

Despite these challenges, organizations have seen positive results when implementing security awareness programs. Nearly 89% of respondents reported that their security posture improved after adopting training initiatives. Leadership teams across industries are showing overwhelming support for these programs, with 96% of decision-makers advocating for their implementation.

The survey also highlights the characteristics that make such programs effective. Leaders agreed that engaging content plays a pivotal role in the success of training initiatives, while concise and time-efficient formats help prevent training fatigue among employees. Most training sessions are designed to last between one and three hours, striking a balance between depth and accessibility.

Fortinet’s report underscores the need to go beyond technical training and build a robust culture of cybersecurity. This cultural shift involves empowering employees to become a strong first line of defence against evolving threats. The company’s Security Awareness and Training service is specifically designed to meet this challenge by offering customizable content, progress-tracking tools, and features tailored to compliance and cyber insurance requirements.

With nearly all surveyed organizations acknowledging the critical role of employee awareness in strengthening cybersecurity, the message is clear: a well-trained workforce is indispensable in today’s digital landscape. Fortinet’s findings serve as a wake-up call for organizations to prioritize comprehensive, engaging, and consistent training efforts to ensure resilience against emerging threats.