In the rapidly changing landscape of cybersecurity, the conversation around the effectiveness of security awareness training platforms has never been more important. As organizations pour significant resources into these platforms, the pressing question remains: are they truly effective in addressing the escalating threat?
A Growing Market
According to Cybercrime Magazine, the global security awareness training market is projected to exceed $10 billion annually by 2027, growing from $5.6 billion in 2023. This impressive growth, driven by a 15% year-over-year increase, suggests that companies recognize the need for more education and training to prevent cyberattacks. In theory, the more you train your employees, the less likely they’ll be tricked by malicious emails or phishing links.
But theory doesn’t always align with reality.
The Reality of Human Behavior
While security awareness platforms may reduce the percentage of users falling for phishing attempts, they haven’t been the silver bullet some might have hoped for. Real-world data shows a persistent gap. According to Barracuda’s 2023 phishing trends report, the average click-through rate on phishing emails is still 11%. This figure may sound small, but it represents a significant vulnerability in a company with over 1,000 employees. Even more alarming, spear-phishing emails make up less than 0.1% of all emails yet account for 66% of breaches.
In other words, despite training, employees still click.
Moving Beyond Awareness: The “Assumed Breach” Mentality
Recognizing the limitations of security awareness training, some security leaders are adopting an “assumed breach” mentality. Rather than relying solely on training, they accept that breaches are likely to occur, no matter how much effort is put into prevention.
This shift in mindset has sparked a growing interest in innovative solutions like browser isolation technologies. These cutting-edge technologies create a safe environment for users to interact with potentially harmful links. By confining the browsing experience in a secure sandbox, users can be physically prevented from divulging sensitive information on spoofed or dangerous sites, significantly reducing the risk of credential theft.
A Balanced Approach
While it’s true that no security measure is foolproof, a balanced approach that combines awareness training with advanced technologies like browser isolation could be the key to bridging the gap. Companies must understand that while education is vital, mitigating the impact of human error is equally crucial in the fight against cyber threats.
The Future of Cybersecurity Training
As the security awareness training market continues to grow, so will the debate around its effectiveness. What’s clear is that training alone cannot fully protect organizations from the ever-evolving threat landscape. It’s time to look beyond traditional approaches and invest in technologies that complement awareness training and reduce the damage when—inevitably—someone clicks.
Where do you think the industry is heading? Are we on the right track, or is it time for a more drastic shift?
Jacob Friedman is a Strategic Account Director at 3 Tree Tech in Portland. He enjoys researching new disruptive tech across the full stack and introducing it to tech execs across the United States.