The benefits of cybersecurity awareness programs are currently the subject of broad discussion, particularly when it comes to phishing simulations. Nowadays, companies not only invest in IT security solutions, but also in the training of their employees with the goal of making them more conscious of security issues. Already 96 percent of companies conduct security awareness trainings. This is one of the results of the “Cybersecurity Awareness Study 2020” among qualified, international security experts, conducted by the Swiss company Lucy Security in July 2020. Security awareness covers various training measures which sensitize a company’s employees to IT security issues. The goal of these measures is to minimize the risks to IT security caused by employees.
Companies do not exploit employees’ potential
81 percent of the companies surveyed carry out phishing simulations. It is noteworthy, however, that only slightly more than half of the companies already include their employees in their security arrangements. For example, only 51 percent of the companies use a phishing alarm button. 49 percent do not use this function and thus do not exploit the full potential of their staff. The so-called “human firewall” is not activated. “The lack of use of a phishing incident button wastes a lot of protection potential and user motivation,” comments Palo Stacho, co-founder and Head of Operations at Lucy Security.
In 92 percent of the companies, cybersecurity awareness has increased in recent months. 96 percent also agree that cybersecurity awareness has led to a higher level of security in their company. 98 percent are also convinced that security awareness measures make attacks by cyber criminals more difficult.
Phishing simulations strengthen trust in superiors
The measures also strengthen the confidence in the management. Almost 89 percent of the survey participants “fully”, “largely” or “rather agree” that trust in management is not called into question by phishing campaigns. 73 percent also confirm that the security awareness measures do not cause any fear among employees. In fact, the measures have the opposite effect: 95 percent of the respondents say that the phishing simulations have a positive effect on the working atmosphere. 100 percent also claim that the measures have a positive effect on their company’s error culture.
Security awareness makes companies more secure
Finally, 92 percent of the survey participants denied that the same level of IT security could be maintained in the company if the existing funds and resources were invested exclusively in technical security measures, such as firewalls and virus scanners. “At Lucy Security, internal analyses have shown that correctly implemented awareness programs make a company up to ten times more secure,” says Palo Stacho. “But the benefits of cybersecurity awareness go far beyond fewer security incidents and better trained employees. The trainings and increased attention to IT security also have a positive effect on the corporate culture.”
About the study
The global online study “Benefits and Challenges of Cybersecurity Awareness 2020” was conducted between June 25 and July 16, 2020 among nearly 900 qualified security specialists. More than eight percent of the respondents answered the extensive questionnaire. The percentage of study recipients from the DACH region was at 32. During the same period, the survey was also publicly available and was promoted via LinkedIn. About twelve percent of all answers could be collected via this channel. 90 percent of the survey participants said that they were security awareness specialists.
About Lucy Security
Founded in 2015, Lucy has transformed the real-world ethical hacking experience of its founder into a comprehensive security training solution that provides a 360o view of an organization’s security vulnerabilities. To date, more than 26 million users have been trained in 10,000 installations worldwide. Lucy continues to earn numerous industry awards, including the 2020 ISPG Award for Best Cybersecurity Education and Training, and the 2020 Cybersecurity Excellence Awards for Best Anti-Phishing and Best Security Education Platform. The company is headquartered in Zug, Switzerland with U.S. operations in Austin, TX. For more details, go to www.lucysecurity.com.