Does Cyber Security Awareness Training Work?

Loftus offers a Cyber Security Awareness Training package.

Its goal is simple—to provide you and your team with tools and techniques to keep your business safe from cyber security threats by putting humans front and centre as the best and first-line of defence.

Via a survey issued several weeks apart, we test your cyber security knowledge both before and after the training session to measure its effectiveness.

For sessions conducted in Adelaide during the 2018 calendar year, Loftus observed that Customers increased their awareness by an average of 19% post training.

Following training, Loftus also sends a personalised e-mail with instructions to redeem a theoretical gift certificate—in other words a phishing scam.

This fake e-mail is benign but enables us to determine the effectiveness of training at an individual level—who opened the e-mail, who clicked the link, who shared their personal details in the hope of obtaining the certificate.

Fewer than 5% people clicked on the link and fewer than 3% shared their personal details. But this should be zero!

On closer inspection, this result was significantly skewed by individuals from financial services companies that were more trusting of unsafe links and requests for personal information.

And this was really unexpected!

The result could be attributable to the volume of external e-mails—arriving from disparate senders—that are typically fielded by financial services employees. Furthermore, most of our training for this sector occurred earlier in the calendar year and we can, perhaps, assume that cyber awareness is ever increasing therefore oppositely skewed results for sessions held later in the year.

Yet, for other Customers no one clicked the link or shared their personal details—a vote for the effectiveness of training across other industries.

Our research demonstrates an uplift in cyber security awareness following interactive classroom style training, the best way to learn.

However, this type of training can’t really be seen as a one off, though. People come and go from your business, knowledge fades, and new threats emerge. Regular reinforcement and refreshers are therefore necessary as part of operational policy.

To book your Cyber Security Awareness Training session, please feel free to contact us on 1300 LOFTUS (1300 563 887) or e-mail to [email protected].

Three ways you can apply this information now

• Share this article – who else might find this of interest?
• Start a chat at work – is being cyber aware worth the effort?
• Leave a comment below – what do you think?