Board of Directors Will Need to Focus on the Human Factor of Cybersecurity

“As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees. This cyber-aware workforce is a necessary addition to a skilled and knowledgeable security team and the use of advanced cybersecurity solutions. Employees who know how to practice good cyber hygiene are increasingly seen as a crucial line of defense.

Bolstering cyber defenses will be important in 2023, as organizations face an ever-evolving threat landscape…Fortinet’s FortiGuard Labs predicts “explosive” growth in Cybercrime-as-a-Service (CaaS); use of machine learning to launder money; cybercrime exploits in augmented, virtual, and mixed reality environments; and data-erasing wiper malware. This prediction underscores the critical nature of employee cybersecurity awareness and training—which is why Fortinet gave these topics their own focus in their 2023 Security Awareness and Training Global Research Brief (1, 2) – findings of which can be found below.

Introduction

Fortinet Research Finds Over 80% of Organizations Experience Cyberattacks that Target Employees

Focusing on the Human Element of Cybersecurity

As cyberattacks intensify, more and more organizations recognize the need to have a strong security culture for all employees. This cyber-aware workforce is a necessary addition to a skilled and knowledgeable security team and the use of advanced cybersecurity solutions. Employees who know how to practice good cyber hygiene are increasingly seen as a crucial line of defense. The following pages highlight some of the top concerns and actions being taken by leaders around the world, based on survey findings.

Enabling Employees to Protect their Organization’s Most Critical Digital Assets

Organizations are grappling with an increasingly sophisticated threat landscape. Fortinet’s FortiGuard Labs found that:

  • Ransomware threats remain at peak levels with no evidence of slowing down globally.
  • 84% of organizations experienced one or more breaches in 2022.

The latest research from Fortinet’s 2023 Security Awareness and Training Global Research Brief reveals that more than 90% of leaders believe that increased employee cybersecurity awareness would help decrease the occurrence of cyberattacks. As organizations face increasing cyber risks, the research highlights the important role of employees in serving as an organization’s first line of defense in protecting their organization from cybercrime.

Additional key findings from Fortinet’s research include:

  • Employees can be your weakest point or your most powerful defense. The research found that 81% of organizations faced malware, phishing, and password attacks last year, which were mainly targeted at users. This underscores that employees can be an organization’s weakest point or one of its most powerful defenses.
  • Employees lack cybersecurity awareness even with current training. Eighty-five percent of leaders say their organization has a security awareness and training program, yet more than 50% believe their employees still lack cybersecurity knowledge. This gap suggests the training programs in place may not be as effective as they could be, resulting in inconsistency in how employees apply good cyber hygiene practices, or that training is not reinforced sufficiently.
  • Cybersecurity is increasingly becoming a priority for the Board of Directors. The report found that 93% of organizations indicated their board of directors is asking about the organization’s cyber defenses and strategy (1, 2).

Fortinet’s 2023 Security Awareness and Training Global Research Brief 

Report Methodology

The findings of the Fortinet report are based on an online interview and an email survey of 1,855 IT and cybersecurity decision makers conducted by Sapio Research in November 2022.

Responses were collected from 29 locations: Argentina, Australia, Brazil, Canada, Colombia, France, Germany, Hong Kong, India, Indonesia, Israel, Italy, Japan, Malaysia, Mexico, the Netherlands, New Zealand, People’s Republic of China, the Philippines, Singapore, South Africa, South Korea, Spain, Sweden, Taiwan, Thailand, United Arab Emirates, United Kingdom, and the United States.

Overall results are accurate to ± 2.3% at 95% confidence limits.

Size of Company

  • 100-499 employees – 25%
  • 500-999 employees – 23%
  • 1,000-2,499 employees – 23%
  • 2,500-4,999 employees – 15%
  • 5,000+ employees – 14%

Gender

  • 68% of respondents were male
  • 32% of respondents were female

Total respondents: 1,855

  • APAC 30%
  • EMEA 27%
  • North America 22%
  • LATAM 22%

Role Type

  • 13% of respondents held Owner positions
  • 34% of respondents held C-level Executive positions
  • 7% of respondents held Vice President positions
  • 12% of respondents held Head positions
  • 34% of respondents held Director positions

Company Sectors – Top 3

  • 21% Technology
  • 16% Manufacturing
  • 13% Financial Services

A PDF version of the Fortinet research brief can be found here: 2023 Security Awareness and Training Global Research Brief

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.