A new study by Fortinet found that while employees can be an organization’s first line of defense, leaders are increasingly worried their employees lack security awareness. Nearly 70 percent of those surveyed believe their employees lack critical cybersecurity knowledge, up from 56 percent in 2023. 

Fortinet, a cybersecurity company that develops and sells security solutions for enterprises, service providers and government organizations, released its annual 2024 Security Awareness and Training Global Research Report, highlighting the crucial role a cyber-aware workforce plays in managing and mitigating organizational risk. 

Among other key findings from the global report: 

  • As malicious actors use artificial intelligence (AI) to increase the volume and velocity of their attacks, leaders believe these threats will be harder for their employees to spot. More than 60 percent of respondents expect more employees to fall victim to attacks in which cybercriminals use AI. However, the good news is that most respondents (80 percent) also say enterprise-wide knowledge of AI-augmented attacks has made their organizations more open to implementing security awareness and training.
  • Leaders recognize the importance of security awareness training but believe specific attributes make some training programs more effective than others. Three-quarters of leaders say they plan their security awareness campaigns, delivering content monthly (34 percent) or quarterly (47 percent). Executives also point to high-quality content playing a leading role in the success or failure of the program. 

According to the report, one prominent way cybercriminals use AI is to make phishing schemes more believable and harder to detect. Because phishing targets individual users directly, organizations are heavily focused on teaching employees how to recognize and avoid falling victim to these attacks. 

  • End users remain attractive targets. More than 80 percent of organizations faced attacks last year, such as malware, phishing, and password attacks that directly targeted individuals.
  • As attacks evolve, security awareness and training will only become more vital. Nearly all (96 percent) of those surveyed say their leadership team supports employee security awareness training.
  • Nearly all respondents (98 percent) say phishing prevention is a component of their training programs and plans. Other top training priorities include data security (48 percent) and privacy (41 percent).

“As threat actors harness new technologies like AI to augment the sophistication of their attacks, it’s increasingly crucial that employees serve as a robust first line of defense,” stated John Maddison, CMO, Fortinet. “Fortinet’s new research underscores the importance of creating a culture of cybersecurity and the need to deploy organization-wide security awareness and training.” 




The survey was conducted among more than 1,850 executive-level and management-level professionals from 29 different countries at organizations with security awareness and training. Survey respondents came from a range of industries, including manufacturing, financial services, and technology and professional services.