Security awareness and training is a method, not an outcome
Cybersecurity Dive November 20, 2024
In 2024, the idea of human risk management shifted from concept to reality as frustrated CISOs looked for solutions beyond security awareness and training to make real change.
For decades, firms have relied on security awareness and training to address the human side of security. Recommendations for dealing with human-related attacks were limited to this one silver bullet.
Despite 97% of organizations reporting that they undertake SA&T, human-related attacks, such as business email compromise, have quadrupled.
CISOs haven’t instilled security cultures in their organizations and training continues to cause friction for learners. No one knows what behaviors change because of this training.
In 2024, the idea of human risk management shifted from concept to reality, with frustrated CISOs...