Nearly 64% of Indian companies say their employees lack basic security awareness: Fortinet

Fortinet, a global leader in cybersecurity, has released its annual 2024 Security Awareness and Training Global Research Report, underscoring the critical role a well-trained, cyber-aware workforce plays in mitigating organizational risks. The report reveals key trends in cybersecurity threats, particularly those involving AI-powered attacks, and the growing emphasis on security awareness programs to combat these challenges.

The report highlights the increasing use of artificial intelligence by malicious actors to escalate the speed and sophistication of attacks, making it more difficult for employees to detect and respond to threats. Over 60% of surveyed cybersecurity leaders expect that AI-driven attacks will result in more employees falling victim to malicious schemes in the coming year. Despite this, a significant 82% of respondents believe that heightened awareness about AI-enhanced threats has encouraged organizations to prioritize security awareness and training.

Although employees are often the first line of defence against cyberattacks, the report reveals rising concern over their lack of adequate security knowledge. Nearly 64% of leaders expressed concerns that their employees lack essential cybersecurity skills, up from 56% in 2023. This gap highlights the increasing need for robust, ongoing security awareness training.

Despite these concerns, the report found that organizations that implement regular security awareness training see substantial improvements in their cybersecurity posture. In fact, 86% of executives reported seeing at least some improvement in their organization’s security effectiveness after introducing awareness programs. Importantly, employees themselves are receptive to training: 94% of leaders reported that their teams view cybersecurity training positively.

Phishing attacks, enhanced by AI, are a primary concern for many businesses. With over 80% of organizations experiencing targeted attacks such as phishing, malware, and password-related threats, training employees to recognize and respond to these risks is crucial. The survey indicates that phishing prevention is a core component of training for nearly all organizations (98%), while data security and privacy are also top priorities.

The survey also sheds light on what makes security awareness training successful. While 90% of cybersecurity leaders are satisfied with their current training programs, the report points out that engaging and relevant content is key to maintaining employee interest and ensuring long-term effectiveness. Additionally, the duration of training sessions is crucial—organizations are advised to keep sessions between 1.1 and 2.0 hours to avoid training fatigue.

Fortinet emphasizes that building a cybersecurity-aware workforce is essential in creating a strong defence against evolving threats. The company offers its Security Awareness and Training service through the Fortinet Training Institute, which provides customized, engaging content across a broad range of topics. This service includes periodic reinforcement through reminders and checks to ensure continuous learning, along with dashboards for tracking progress and ensuring compliance with cyber insurance and regulatory requirements.

Fortinet’s comprehensive approach aims to develop a three-pronged defence strategy that combines employee awareness, technical skills for IT staff, and advanced security solutions to protect the entire organization from cyber threats. With cybersecurity risks continuing to evolve, organizations are urged to invest in both technical defences and human capital to ensure a resilient security posture.