Hitting the ground running

In the face of escalating attacks on every front, the imperative for organisations to deliver the appropriate levels and quality of cybersecurity training to their workforce has never been greater.

However, doing this properly requires a great deal of commitment. In fact, employees need three months' cybersecurity training for companies to reach 'an acceptable level of security', according to leading cybersecurity provider Hornetsecurity's new Employee Security Index (ESI) Benchmark Report.

Yet a training 'pause' of just one month can lead to an organisation's ESI score dropping below the level required, it adds, while a four-month hiatus can take organisations back to square one.

The ESI Benchmark Report, which analysed more than 1.7 million simulated phishing attacks across 140,000 employees and over 350 businesses, sheds light on the risks that cyberattacks pose to businesses.

It revealed that 90% of all cyberattacks start with phishing and that more than 40% of all emails have the potential to pose a threat to businesses. Those worrying percentages underscore how vulnerable all organisations and their employees are, and how urgently cybersecurity training of the highest quality is needed to help offset this.

"The ESI Benchmark Report reveals the growing risk that phishing poses to organisations," says Daniel Hofmann, CEO of Hornetsecurity, "and highlights the importance of providing security awareness services to bolster their defences. The findings demonstrate that most employees can reach an acceptable level of security awareness after just three months of training. However, training must be continuous to ensure that employees are prepared against increasingly sophisticated attack methods, which often aim to exploit their blind trust in authority."

Brian Wall
Editor
Computing Security
brian.wall@btc.co.uk