Contact us: +45 32 67 26 26

Does Awareness Training Work? Research And Our Customers Say So!

Søren Lassen Jensen
By: Søren Lassen Jensen Awareness training | 25 July

We can keep telling you about how awareness training can help your organization by improving your IT security. But why not hear it from someone else? We’ve gathered research about awareness training and cybersecurity, and we’ve asked some of our customers about how our awareness training has helped their organizations. Keep reading to see how awareness training can improve your organization’s cybersecurity.  

Here you can read about

Cybersecurity breaches in numbers 

95% of cybersecurity breaches happen because of human error. This tells us that employees’ lack of awareness about cybersecurity is a big issue. It’s the company’s responsibility to create this awareness, not something that employees should have to do on their own. Cybersecurity is about much more than just having the best firewall and the most advanced technical solutions. You shouldn’t ignore that your co-workers are also an important part of your cybersecurity. We’ve gathered some statistics about IT security breaches here:

The numbers show that it’s often the human aspect where cybersecurity breaches happen. Cybercriminals know that humans are the weakest link in an organization’s cybersecurity. This shows the importance of training your co-workers to improve their cybersecurity behavior. One of the tools that you can use for this is awareness training. But what does this actually cover?

What does awareness training cover? 

Awareness training is an e-learning tool that teaches your co-workers about cybersecurity and the GDPR in order to create a good cybersecurity culture. A good cybersecurity culture can be achieved when IT security is a part of everyone’s regular workday. Our co-workers don’t have to be experts in cybersecurity. But they should be aware of potential threats, so they are able to spot e.g., phishing emails. But what does the research say about awareness training? Does it have an effect, and does it actually work?

Listen to our podcast about why aware employees are important

What does the research say about awareness training? 

Research From State Of The Phish found that 80% of all organizations said that user awareness reduced their employees’ susceptibility to phishing attacks. 

Researchers in connection with EU DOGANA found that receiving a form of awareness training significantly improves employees' ability to spot and identify phishing attacks 

In another study, a company with 2,900 employees implemented awareness training about cybersecurity in order to see if it had an effect. The training had positive results and showed the effectiveness of awareness training on employees. The training contributed to stronger passwords in the company as well as improved awareness about the employees’ role in protecting the company’s cybersecurity. Before the awareness training project, the use of weak passwords was 35,6%. After a year, the number dropped to 6.9% 

So, research shows a positive trend, that awareness training helps. But how does our training actually help in practice? We’ve asked a couple of our customers how CyberPilot’s awareness training has helped them.

CTA_e-book_blog-desktop

Here is what our customers say about CyberPilot’s awareness training 

Here we’ve gathered statements from some of our customers about how our awareness training has assisted them at various points in their work.

Awareness training raises awareness about phishing 

A part of our training is about how to spot a phishing email. 

Rune Udby from the company Firtal has seen the effect of this: 

“It was great to see how our team responded to the initiative. We’ve made a game out of discovering phishing emails before the others. The employees say that they feel much better equipped to see through the daily attempts at fraud that they are exposed to, now that they know what to look for.” 

So, awareness training helps by reducing the risk of your employees falling for a phishing attack. Aware employees are safe employees.

Our own research also shows how awareness training and phishing testing work together. For example, after continuous participation in CyberPilot's awareness training and phishing testing, users had over a 50% reduction in mistakes made during a simulated phishing attack. 

Phishing effect

Awareness training contributes to a good IT security culture 

Awareness training contributes to a good IT security culture. It’s important that you don’t talk down to your employees when it comes to cybersecurity. Here is what Mads from DTU Biosustain has to say: 

“I think that what you do is really good. First of all, it tells a story. It isn’t condescending. The worst thing is when people feel talked down to by the IT department. It’s when they say: ’I feel stupid when I come into your office and ask questions, and you are just sitting there with your World of Warcraft hair.’ I want everybody to feel welcome.” 

Mads also has some advice for other organizations’ IT-security 

"I think I’ve said that the technical systems and awareness go hand in hand. One can’t live without the other. You can get really far with the technical systems, but it is not enough. IT security is not stronger than the weakest user. 

So, you might have the best technical solutions, but all it takes is one wrong click.

Awareness training contributes to stronger passwords 

Lars Juul from EUC Lillebælt has this to say about CyberPilot’s awareness training, and how our training helped them increase awareness about strong passwords. 

“The other day, I overheard three of the school's teachers lively discuss how to create the strongest possible password. This put a smile on my face. In the past, IT security was not something that employees were interested in, but after our course with CyberPilot's awareness training, it’s suddenly a hot topic. They exchange experiences with each other and there is a much greater understanding and responsiveness to new initiatives in the field.” 

We’ve also written a blog post about how you can create a strong password that you can remember. 

We also spoke with Jesper Christensen, CFO of Dacapo Stainless, about our awareness training: 

“I was very surprised when a couple of employees, at the start of the process, came down and asked if we should use two-factor authentication in more places in the company. In the past, it has sometimes been a struggle just to get them to change passwords! In general, I feel that employees no longer think that IT security is just an annoying chore. They have understood that they play an important role.” 

This shows that awareness training works to improve employees' awareness about the important role they play in their organization's IT security.

Risk

Awareness training helps with GDPR work 

Anne is responsible for GDPR compliance at Novicell. Novicell implemented CyberPilot’s awareness training to keep their employees updated about essential parts of the GDPR and cybersecurity. Here is what Anne has to say about our courses in connection with Novicell’s GDPR work: 

“There might be a new recommendation about consent. And I can easily say “You must do this” to all the employees, but what does it mean and how do we do it in practice? This is where your courses fit in. They explain why and how, as well as what it secures. The courses explain how we protect personal data in the best way with some relatable examples.” 

Awareness training helps to communicate about the GDPR effectively. We’ve also written a blog post about how you can make sure that your company is GDPR compliant. You can also read the full customer case with Novicell if you’re interested in knowing how Anne uses our awareness training in her GDPR work.

Awareness training works 

The main takeaway here is that awareness training works. Mads from DTU Biosustain agrees: 

“Awareness works! I know that without having any numbers to back it and without having any basis whatsoever for saying it except for my gut feeling.” 

But Mads also mentions that: 

“I used to write ’This email is circulating.’ I don’t need to do that now. People are aware.” 

So, it seems like awareness training is effective. You can read more about how Mads creates awareness about cybersecurity at DTU Biosustain.

We can also help you 

It’s great to see how our awareness training helps our customers. You can read more about how to implement awareness training in your organization if you’re wondering about this. If you're interested in knowing more about how our awareness training can help you and your organization, then don’t hesitate to contact us. You can of course also try our courses for free.