Cultural Cyber Security conducted confidential interviews with 365 people from 10 organisations across Australia during 2022. The following scores are the mean average out of 10.
- People rated themselves 7.1 out of 10 for awareness knowledge
- Only 68% knew of ransomware; only 66% had heard of a password manager
- 90% had completed their mandatory training
- When asked to rate the "effectiveness" of their training, they scored it an average of 5.97 out of 10 (PS: most didn't rate the "enjoyment" factor very highly either)
- When asked how well they recalled their security policies - 4.08!
- Few people could recall training content
- When asked to rate their ability to detect phishing emails, it was a sad 7 out of 10 (all organisations were using phishing simulations!!!)
- When asked if they had the skills to keep their data safe - 6.08!
Confidence to defend is low!
Yes, annual mandatory training ticks the "Compliance" box, but it fails to register in the "Effectiveness" or "Behaviour" categories. There may be some limited knowledge transfer, but there is minimal skills acquisition and behavioural change.
Do you want to lead change and transformation in your organisation, or be "compliant"? The difference is a yawning chasm.
People now represent 95% of the cyber security incident risk - if that's a risk you're prepared to accept, then do nothing. Risk acceptance is a part of good risk management... Although, I would not risk putting your neck out on this one...
If you would like to know your Cultural Diagnostic Score and develop a program of effective learning, skill acquisition, and behavioural change to reduce your cyber security risk, please let me know!
Cultural Cyber Security wants to change the world - one organisation at a time!
At the conclusion of these weekly bulletins revealing extracts of our data and findings, Cultural Cyber Security will be releasing a full report. If you would like a copy of that report, please advise and I will put you on the list.