Intelligent CIO Europe Issue 74 | Page 8

The challenge of raising employee cyber awareness

In a world of constant connectivity and instant data sharing , cyber security challenges are more present than ever . According to Verizon ’ s latest Data Breach Investigations Report , 74 % of all data breaches are attributed to the human element . IBM ’ s research parallels these findings , listing credential theft and phishing as the top two attack vectors . With humancentric cyber threats on the rise , security leaders are asking themselves : How can we fortify and equip our employees to shield both themselves and our organization ?

This underscores the importance of a strong security culture in organizations . And central to this culture is implementing cyber security awareness training , which empowers employees to identify cyberthreats and respond appropriately . However , even if security awareness has long been a component of security strategies across companies , it ’ s now undergoing a fundamental shift .

Traditional training models , which largely focus on fulfilling regulatory requirements and offer static content libraries , are proving ineffectual against the new-age threats that come with the professionalized cybercrime industry . And this inadequacy is further highlighted by a longstanding industry misconception : the belief that mere knowledge ensures proactive security behavior . Yet , reality paints a different picture . Often , individuals will bypass security protocols if they perceive an immediate , tangible benefit , outweighing the intangible risk . This behavior underscores a significant gap in the industry ’ s approach : the lack of personal relevance in training . In fact , a study by our Human Risk Review 2023 unveiled the core issues with current awareness trainings : they ’ re time-consuming , too broad , and monotonous .

science into security awareness programs and incorporating mi ¬ cro-learning , gamification , and nudging in their awareness programs , companies can transition from isolated measures to continuous security culture management , providing robust protection against social engineering .

However , there ’ s another key element to effective cyber security education : personalization . Recognizing the diversity in cyber security awareness among employees is essential , as every employee interacts with technology in their own way . While some are skilled in the digital world , others may be cautious due to limited experience . Training must also consider an individual ’ s past experiences , professional background , and access to digital tools . The benefits of this strategy are manifold : Tailored cyber security training increases engagement by making lessons relevant to individual roles , allows precise targeting of strengths and weaknesses , and addresses a wide range of risks by considering each employee ’ s behavioral tendencies .

Platforms like SoSafe make cyber security awareness a shared responsibility . SoSafe gamifies the learning process , using reallife phishing simulations and tailored learning paths to engrain secure habits and transform users from skeptics to advocates . The platform also equips decision-makers with actionable insights via an interactive dashboard , and our new Rapid Awareness feature transforms security communication – any time prompt action is required .

Investing in tools that integrate all these elements , like SoSafe , can empower all employees , solve some of the challenges of security awareness training , and build a resilient organization equipped to face the evolving threat landscape .

This means that the focus must shift from compliance-centric measures to initiatives that effectively cultivate secure habits among employees , enabling them to operate securely in their day-to-day work lives . By integrating principles from behavioral

Dr . Niklas Hellemann , CEO of SoSafe