Typically, the process of employees’ education in information security related issues is limited to examination of some manuals. 

Basing on the SearchInform statistics, only in 12% of organizations special webinars take place and in 16% of organizations full-scale trainings are implemented. At the same time, more and more companies begin to realize the importance of ensuring appropriate information security protection, thus, up to 80% of organizations pay attention to increasing employees’ literacy in information security related issues. 

At the same time 60% of specialists, who are in charge enhancing staff members’ information security literacy simply develop some manuals or regulations, which employees have to examine themselves. 

“This is the most widely spread method, because it is the simplest one – it is enough to establish the regulations on how to work with data once” – comments the leading analyst at SearchInform Sergio Bertoni. However, few employees read such regulations. “People do not understand the risks associated and thus they don’t understand why the regulations are important and how are they corresponding with employees’ job duties. First of all, it is required to check, how well is the information learned. And it is very useful to explain how сrucial the information provided is in real life”.

Some companies’ experts understand that regulations themselves are not sufficient and thus combine different approaches to education process.

For instance, specialists in 51% of organizations send emails to staff members, notifying about new information security risks; special webinars, during which experts tell the audience about the information security challenges and provide employees with recommendations on how to avoid them take place in 12% of organizations; in 16% of organizations full-scale cyber trainings are implemented.

Some respondents refer to third-party expert organizations: 27% of them use free training courses by information security experts, 17% of respondents are ready to pay for such courses.

“In order to make sure that an employee, who is not an information security experts, understands clearly, why is it so important to use different passwords for private and work accounts, how to recognize internet-fraud and takes the required measures to ensure that third-party users do not somehow obtain access to his/her corporate documents, it is useful to address some real-life experience and with its help explain, what are the probable outcomes of neglecting information security rules set in the organization. Information security is quite an abstract sphere, that’s why it is crucial to provide employees with detailed explanation and illustrative cases in the infosec related issues to make the educational process easier and more efficient.” – concludes Sergio Bertoni, the Leading analyst at SearchInform.

The data provided in the report was gathered during the autumn-winter 2022 and more than 1.000 specialists and heads of IS and IT departments from government, commercial and non-commercial organizations from numerous business spheres took part in the survey.

SearchInform is a 100% private company that develops risk management products being one of the industry leaders. More than 3,000 companies across 20+ countries are SearchInform clients. The development team has been creating search technologies for unstructured data since 1995 and started developing information security solutions in 2004. Today, the team has products and services for comprehensive protection against insider threats at all levels of corporate information systems.