
Newer, Untrained Employees Heighten Cyber Risk for Organisations: CybeReady Research

CybeReady, a global leader in security awareness training, has conducted extensive research based on millions of data points, accumulated from training enterprise employees over the past five years. According to CybeReady, the data reveals that new employees regularly show a propensity for higher-risk behaviours compared to veteran employees. The data coming out of CybeReady establishes a direct correlation between employee veterancy within a company and its cybersecurity risk level.

The new findings highlight the significance of the employee learning curve and its impact on cybersecurity risk. The data groups employees into three main clusters according to their risk level (Low, Medium, and High Risk), and assumes every employee engages in continuous and regular training – at least one short training session per employee per month.

According to the data, during the first 0-6 months with an organization, basic training is often provided to new employees in order to establish a risk baseline. As early-stage employees progress to the 6-12 month mark, they are exposed to advanced training simulations and reveal a medium level of risk. However, after the 12-month mark, a breakpoint is observed, indicating a significant decrease in risk.

The research further reveals a stark contrast in behaviour between new and veteran employees (Figure 1). On average, new employees (less than six months with the company) are more than twice as likely to click on phishing emails compared to their veteran counterparts, demonstrating increased susceptibility to cyber threats.


Figure 1 – Cyber Behaviour by Veterancy

In addition, the study examines the reporting rate of phishing attempts and identifies an “opposite correlation” between employee risk level and their reporting rate (Figure 2). It was observed that low-risk employees tend to report up to 50% more than medium-risk employees, or up to four times more than high-risk employees. This suggests that training not only fosters secure habits and empowers employees to avoid phishing emails, but also encourages a proactive approach to reporting such threats. This behaviour change plays a crucial role in protecting organizations from the potential consequences caused by untrained employees.

Figure 2 – Phishing Reporting by Risk Group

“Our data demonstrate the crucial role employees play in keeping the organization safe, and how administering effectiveness training can truly change employee behaviour,” said Eitan Fogel, CEO of CybeReady. “By recognizing the increased vulnerability of new employees and providing targeted training at various stages of veterancy and risk levels, organizations can mitigate cyber risks and thereby strengthen their overall security posture.”

CybeReady remains committed to building employee readiness for cyberattacks by developing innovative cybersecurity training that equips employees with the skills to identify and thwart cyber threats. Their research underscores the importance of investing in continuous training programs to strengthen the human element of cybersecurity and minimize organizational risk.

CSA Editorial

Launched in Jan 2018 in partnership with Cyber Security Malaysia (an agency under MOSTI), CSA is a news and content platform focusing on key issues in cybersecurity in the region. CSA is targeted to serve the needs of cybersecurity professionals, IT professionals, risk professionals and C-levels who have an obligation to understand the impact of cyber threats.
