Fortinet's research highlights link between cyber awareness and organisational risk

October 31, 2024 | 14:42
Fortinet released its annual Security Awareness and Training Global Research Report on October 29, highlighting the crucial role a cyber-aware workforce plays in managing and mitigating organisational risk.
Fortinet's research highlights the link between employee-wide cyber awareness and organisational risk. Photo: Fortinet

As malicious actors use AI to increase the volume and velocity of their attacks, leaders believe these threats will be harder for their employees to spot. Fortinet found that more than 60 per cent of respondents expect employees to fall victim to attacks in which cybercriminals use AI. However, the good news is that most respondents (80 per cent) also say enterprise-wide knowledge of AI-augmented attacks has made their organisations more open to implementing security awareness and training.

Employees can be an organisation’s first line of defence, but leaders are increasingly worried that their employees lack security awareness. Nearly 70 per cent of those surveyed believe their employees lack critical cybersecurity knowledge, up from 56 per cent in 2023.

Leaders recognise the importance of security awareness training but believe specific attributes make some training programmes more effective than others. Three-quarters of leaders say they plan their security awareness campaigns, delivering content monthly (34 per cent) or quarterly (47 per cent). Executives also point to high-quality content playing a leading role in the success or failure of the programme.

One prominent way cybercriminals use AI is to make phishing schemes more believable and harder to detect. Because phishing targets individual users directly, organisations are heavily focused on teaching employees how to recognise and avoid falling victim to these attacks.

Fortinet found that end-users remain attractive targets for cybercriminals. More than 80 per cent of organisations faced attacks last year, such as malware, phishing, and password attacks that directly targeted individuals.

As attacks evolve, security awareness and training will only become more vital. Nearly all (96 per cent) of those surveyed say their leadership team supports employee security awareness training. Nearly all respondents (98 per cent) say phishing prevention is a component of their training programmes and plans. Other top training priorities include data security (48 per cent) and privacy (41 per cent).

While security and IT teams are crucial to safeguarding organisations against cyberthreats, an enterprise’s employees also play an important role in preventing breaches. Specifically, employees are open to cybersecurity awareness and training opportunities. Most leaders (86 per cent) say their employees positively view security awareness and training.

In addition, organisations see positive results when they implement security and awareness training programmes. An overwhelming majority of leaders (89 per cent) say their organisation saw at least some improvement in its security posture after security awareness and training were implemented. Not a single respondent claimed to see no improvement.

Most organisations are motivated to introduce security awareness and training based on their experience of being breached or knowledge of threats in their industry or sector. Almost all decision-makers (96 per cent) say their leadership team supports implementing training to raise employees’ cybersecurity awareness.

According to this year’s survey, 97 per cent of leaders think increased employee awareness would strengthen their organisation’s cybersecurity posture. Yet respondents also agree that there are key attributes of training programmes that are important for effectiveness, including engaging content and the time commitment required from learners.

John Maddison, chief marketing officer at Fortinet, said, “As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees are a robust first line of defence. Fortinet’s new research underscores the importance of creating a culture of cybersecurity and the need to deploy organisation-wide cyber awareness and training. These findings reinforce the significance of the award-winning security awareness services offering for enterprises, as well as our free educational version available to school districts worldwide, in strengthening cyber resilience.”


By Vy Bui
