Phishing attacks topped the list of concerns for decision makers with nearly 75 percent of executives citing phishing emails as the most significant threat, according to The State of Security Awareness Training report from CybeReady.
The same group of executives regard training as a better way to deal with this threat. Additionally, approximately 60 percent of users receive training about less than once a quarter – meaning organizations aren’t being adequately trained even with current solutions, says the report. Another 29 percent receive security awareness training only two to three times per year. Only 39 percent receive training quarterly or more often.
According to the report:
- 75 percent of security decision makers are highly concerned with phishing attacks.
- 58 percent of decision makers view awareness training as superior to technology solutions when dealing with phishing.
- the most common approach to security awareness training is to test everyone using simulated phishing attacks (39 percent), followed by video training (33 percent), selective training for some employees (12 percent) and short meetings (11 percent). Only five percent of executives say they don't provide security awareness training.
| Security Concern | Total |
| Phishing attacks | 74% |
| Malware other than ransomware | 68% |
| A data breach | 68% |
| Ransomware attacks | 67% |
| CEO Fraud/Business Email Compromise attacks | 63% |
| Targeted attacks | 61% |
| Zero-day exploits | 57% |
| Malware infiltration through web traffic | 57% |
| Account takeover attacks | 53% |
| Malware infections that occur through web surfing | 53% |
| Malvertising | 42% |
| Spam | 41% |
