We have long maintained that technical means are not enough to protect a business from cyberthreats. It is entirely possible for a single person to negate the effect of an entire information security team. In many cases, it may be unintentional, the result of lacking basic cybersecurity knowledge, being unaware of threats, or diverted attention. That is why many companies (according to our data, approximately 65%) already invest in employee cybersecurity training.
There, however, complications may arise. The person who decides staff awareness needs to be raised is not necessarily the person responsible for arranging the training. And, although the first person sees an obvious problem, the latter may not solidly understand what cybersecurity training is, how to train staff, or even why the training is needed.