This ISMG study, sponsored by Proofpoint, contrasts security professionals’ and employees’ views on awareness training. While 68% of pros believe programs meet objectives, many rely on incomplete metrics like phishing test results. Employees often “go through the motions,” citing training as unengaging and lacking rewards or consequences. Both groups agree phishing simulations are most effective, but gaps exist in preferred formats—employees favor interactive and classroom training, while pros push newsletters and self-paced modules. Budget stagnation and infrequent sessions further weaken impact. The study concludes that aligning incentives, increasing engagement, and tailoring content to employee needs is key to resilient awareness programs.

Join for free to read