Dive Brief:
- Workers in finance know more than workers in other industries about cubersecurity, according to a report from Proofpoint. After analyzing more than 100 million answers to cybersecurity questions from employees in 16 industries, Proofpoint found that finance workers answered 80% of questions correctly. Transportation and education sector workers had the least knowledge among the various sectors, answering 24% of questions correctly on average, Proofpoint determined.
- Proofpoint identified five top areas that employees lack knowledge in: identifying phishing threats, protecting data throughout its lifecycle, compliance-related cybersecurity directives, protecting mobile devices and information and using the internet safely.
- Workers in communications excelled at answering these questions compared to workers in other departments, while customer service, facilities and security employees knew less about cybersecurity than other departments, according to the findings.
Dive Insight:
Cyber threats continue to be a grave concern for businesses, and a majority of organizations report their own security culture isn't where they want it to be. In fact, only 5% of employers in a Information Systems Audit and Control Association study from last fall reported they were where they should be to protect against cyber threats.
Training in the area has been a top priority for CISOs for some time, as cyber incursions become more sophisticated. As a result, workers with expertise are needed, but recent estimates indicate there are 300,000 vacant jobs in cybersecurity and that 60% of businesses struggle to hire for these roles.
The federal government is also working toward building knowledge and awareness of such threats. To address the cyber skills gap, the Office of Management and Budget announced its "Cloud Smart" strategy last September, though critics called the initiative a bit too vague to be effective. Still, private employers might be able to address the skills gaps in these areas with training that benefits their broader organizations. Learning leaders across industries can help mitigate the threat with education on how employees can protect their own personally identifiable information, which can often lead to breaches of workplace data.
"Some of the key things to include in PII training for employees is an explanation of what is private information and/or what combination of information makes it private," Erika Lance, KnowBe4's SVP of people operations, previously told HR Dive. She said interactive video modules and in-person training are the two best tools for employers because they are fun and engaging.