Fortinet’s latest report reveals that nearly 70% of organizations feel their employees lack basic cybersecurity knowledge, highlighting the ongoing risks posed by evolving cyberattacks. Leaders are especially concerned about the increase of cybercriminals using artificial intelligence (AI) to make their attacks more sophisticated and challenging to detect.
“Employees must serve as a strong first line of defense as attackers use new technologies like AI to enhance their methods,” John Maddison, chief marketing officer, Fortinet, said in a media release.
The survey, conducted among more than 1,850 professionals from various industries, found that while 80% of respondents acknowledge the dangers of AI-enhanced attacks, they believe employee training remains an important component in their defense strategy. Phishing attacks, which target individual users, were a common concern, with nearly all respondents incorporating phishing prevention into their training.
Leaders are also beginning to see positive outcomes from security awareness programs.
“After implementing training, 89% of organizations noticed improvements in their security posture,” said Maddison.
Despite the progress, nearly all respondents (96%) believe more cybersecurity awareness among employees would further strengthen their organization’s defenses. To improve effectiveness, organizations are focusing on delivering regular, high-quality training. Some 47% of leaders conduct training quarterly, while 34% deliver it monthly.
The cybersecurity firm emphasized that employee engagement in cybersecurity is crucial. While IT teams manage the technical aspects of cybersecurity, employees must remain vigilant against phishing schemes, malware, and other attacks that directly target individuals. Engaging training content and manageable time commitments are key to avoiding training fatigue and ensuring employees stay prepared.