Employee cyber security training more important than ever

Employees receiving cyber security training is becoming more frequent and relevant in the wake of several high-profile data breaches impacting the Australian market.

According to research by KnowBe4, 60 per cent of Australian office workers receive frequent security training. This figure is up from 35 per cent in 2021.

Of those who received training at work regarding cyber security, 63 per cent are doing it online, in comparison to 52 per cent of staff doing it in person.

Of those who had training in person, 66 per cent received a lecture or presentation style training in a group format, with 46 per cent saying it was short sessions (two hours or less) and one in three (36 per cent) saying it was a full-day or half-day session.

Fifty-five per cent say that the trainings were one-on-one, with 34 per cent noting these one-on-ones were full-day or half-day sessions and 28 per cent saying they were short sessions (two hours or less).

Two-thirds (65 per cent) had online learning bitesize sessions of less than 30 minutes, while half (52 per cent) had online learning sessions of 30 minutes or longer.

Meanwhile, 23 per cent of workers say they’ve never received training at work regarding cyber security.

Jacqueline Jayne, security awareness advocate APAC at KnowBe4, said its encouraging to see greater training being facilitated within Australian businesses.

“Our latest Phishing Benchmarking Report shows that untrained users pose the greatest risk to organisations, so it is crucial to ensure that they are properly trained to understand the risks and the role they play in helping to protect their organisations,” she said.

“Last year’s breaches rocked Australia’s awareness of data security, so it’s a great relief to see this increase in security training at Australian organisations. To encourage participation and to make security awareness training compelling and relevant to employees, it really needs to be high quality, timely and easily digestible.”

The onus for employers to provide cyber security training is even greater with hybrid working arrangements, Ms Jayne noted.

“Given the shift to fully remote and hybrid office environments these days, it is no surprise that we see more training delivered in an online format compared to in person,” she said.

“Bite-sized, online learning modules are becoming more popular and relevant as attention spans decrease and demand for short but effective educational information increases. By incorporating more secure practices and behaviours that they have learned from security awareness training into their everyday routine, employees will be better positioned to make smarter security decisions and improve overall security culture.”

This latest data comes off the back of the government introducing a new initiative aimed at addressing shortages in cyber skills.

The initiative, which is being spearheaded by the Digital Skills Organisation (DSO) and Canberra Cyber Hub, will offer workplaces cyber security training programs.

Last year, Ben Jones, who is the managing director at Continuum Cyber, penned an opinion piece for HR Leader that detailed how HR is key to the success of creating a cyber security culture.

“There are compliance issues to consider, as well as protecting the company’s good name, customers, and other sensitive data. While ever, human error remains one of the key causes of breaches, so cyber security must become a whole-of-company priority. To achieve a company-wide culture shift, it’s evident that HR must play a key role,” Mr Jones wrote.