TMCnet News

Employees Would Simply Rather Not with Boring Security Awareness Training, New Research Finds
[September 24, 2020]

Employees Would Simply Rather Not with Boring Security Awareness Training, New Research Finds

BOTHELL, Wash., Sept. 24, 2020 /PRNewswire/ -- In news surprising no one, a new survey of 1,000 U.S. employees has found that boring security awareness training doesn't make them want to be secure.

"Our research found that users who found training to be 'very interesting' were more than 13 times more likely to make fundamental changes in the way they think about security compared to those who found the training to be 'boring'," said Michael Osterman, researcher and president of Osterman Research, who conducted the study.

The research supports the claim that employees get far more benefit out of interesting and engaging training, joining facts such as "the sky is blue," and "water is wet."

As users receive more security awareness training, their ability to effectively deal with security threats increases, the report found. The "before-and-after" picture displays that users who are properly trained are much more likely to spot phishing attempts, business email compromise, and other cybersecurity threats than are their untrained colleagues.

The study, Security Awareness Training as a Key Element in Changing the Security Culture, surveyed both everyday employees and IT managers and decision makers to gauge opinions on the current state of security training and awareness. The work was co-sponsored by training and awareness firm MediaPRO, who wouldn't know how to produce boring training if you gave them directions.

Other key takeaways from the report include:

  • IT, security, and business leaders – while generally wanting to establish a strong cybersecurity culture within their organization – are somehow not conveying that idea effectively to a large proportion of their employees.
  • Security awareness training is perceived to be as important as technology in dealing with security threats and organizations will be devoting more employee time to training over the next yea.
  • Approximately 45 percent of employees surveyed expect to spend 15 minutes or more per month in training by mid-2021; up from 26 percent in 2020.
  • Senior IT and business management are much more enthusiastic about security awareness training than are non-management employees.
  • Security and IT leaders, their staff members, and business leaders are largely onboard with the idea that developing a strong cybersecurity culture is important; everyday employees, however, are much less convinced about the importance of doing so, indicating that the goal of developing a robust security culture has not yet been achieved in most organizations.

"Security awareness training doesn't do anyone any good if they sleep through it. You can deliver the best security advice in the world, but if no one is listening, you might as well be talking to a brick wall," MediaPRO Chief Strategist Lisa Plaggemier said.

"Good security awareness training should get and keep your attention. That's what it means to be engaging," Plaggemier continued.

As lots of scary industry research continues to find, cybersecurity technology alone is not enough to keep businesses secure. Bad guys go after employees; plain and simple. Equipping them with the know-how to turn away cyberattacks means engaging security training that speaks their language and tells them what they need to know; no more, no less. The full report can be found here: 

For a deep dive into the report without having to read anything, sign on to a live Sept. 30 webinar at 10 a.m. PT featuring Osterman President Michael Osterman and MediaPRO Chief Learning Officer Tom Pendergast via the BrightTALK platform:

About MediaPRO
MediaPRO security and privacy training solutions are used by organizations of all sizes to protect sensitive data, demonstrate compliance, and reduce the risk to their reputation and bottom line. With MediaPRO, it's easy to keep employees engaged and track program effectiveness. And, unlike phishing-focused security awareness training solutions, MediaPRO covers security, privacy and compliance so you can address a more complete threat landscape. MediaPRO has been named a leader in Gartner's Magic Quadrant for Security Awareness Computer-based Training for six years in a row.  For more information, please visit, or follow MediaPRO on LinkedIn, Facebook, and Twitter.

For media inquiries:
Caroline Dobyns


Cision View original content:


[ Back To's Homepage ]