Security Awareness Training Statistics 2024 – Everything You Need to Know

Steve Bennett
Business Formation Expert  |   Fact Checked by Editorial Team
Last updated: 
WebinarCare offers informative content for educational purposes only, not as a substitute for professional legal or tax advice. We may earn commissions if you use the services we recommend on this site.
WebinarCare is led by Steve Bennett, a seasoned expert in the business world. He's gathered a team that's passionate about giving you reliable advice on everything from starting a business to picking the right tools. We base our tips and guides on real-life experience, ensuring you get straightforward and proven advice. Our goal is to make your business journey smoother and more successful. When you choose WebinarCare, you're choosing a trustworthy guide for all things business.

Are you looking to add Security Awareness Training to your arsenal of tools? Maybe for your business or personal use only, whatever it is – it’s always a good idea to know more about the most important Security Awareness Training statistics of 2024.

My team and I scanned the entire web and collected all the most useful Security Awareness Training stats on this page. You don’t need to check any other resource on the web for any Security Awareness Training statistics. All are here only 🙂

How much of an impact will Security Awareness Training have on your day-to-day? or the day-to-day of your business? Should you invest in Security Awareness Training? We will answer all your Security Awareness Training related questions here.

Please read the page carefully and don’t miss any word. 🙂

Best Security Awareness Training Statistics

☰ Use “CTRL+F” to quickly find statistics. There are total 269 Security Awareness Training Statistics on this page 🙂

Security Awareness Training Market Statistics

  • That something is upping their spending on security awareness computer based training which, according to the latest forecast by Gartner is a market that’s growing “big time”, and pegs the overall global market growth at 13 percent. [0]
  • In late 2014, the overall security awareness training market was estimated to be $1 billion by Andrew Walls, Research Vice President for Security, Risk and Privacy at Gartner. [0]
  • From 2014 to 2015, market growth for them was 55 percent, Research Director Perry Carpenter writes in his analysis of Gartner’s 2016 “Magic Quadrant” report for security awareness CBT. [0]
  • The security awareness training market is probably growing at a 20 plus percent clip when all of the spending is factored in.”. [0]
  • The worldwide information security market is forecast to reach $170.4 billion in 2024, according to Gartner. [1]

Security Awareness Training Software Statistics

  • 69% of organizations don’t believe the threats they’re seeing can be blocked by their anti. [1]
  • One customer, Pennsylvania based safety product manufacturer MSA Safety, started out their first year’s training program with a 25 percent failure rate. [2]

Security Awareness Training Latest Statistics

  • 95% of cybersecurity breaches are caused by human error.[1] The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, many suffering multiple attacks.[2] Terranova Security’s 2020. [3]
  • Phishing Tournament results showed that almost 20% of all employees are likely to click on phishing email links. [3]
  • 67% of those will then go on to enter the requested details into a phishing website!. [3]
  • Meaning that 13.4% of employees will potentially enter passwords and personal details to a phishing. [3]
  • 68% of business leaders feel their cybersecurity risks are increasing.[4]. [3]
  • 93% of cybersecurity professionals agree that humans and technology need to work together to detect and respond to threats, like phishing attacks.[6] Since the pandemic began, the FBI reported a 300% increase in reported cybercrimes.[7]. [3]
  • According to research by Ponemon, even the least effective training programmes have a 7 fold return on investment.[8]. [3]
  • The likelihood of arresting a cybercriminal is less than 1% of the total number of malicious cyber incidents reported annually in the United States 85% of data breaches were due to the “human element” . [4]
  • 43% of employees are “very” or “pretty” certain they have made a mistake at work with security repercussions. [4]
  • according in the 2021 Hiscox cyber maturity model, yet funding for training decreased 8%. [4]
  • The number of publicly reported data breaches so far in 2021 already exceeds the total number of data breaches in FY 2020 by 17%. [4]
  • The number of records compromised in public reported data breaches increased by 141% and far exceeds the most records exposed in a single year since the RBS reporting began in 2005. [4]
  • The number of healthcare data breaches increased 55.1% in 2020 compared to the prior year. [4]
  • The estimated cost of cybercrime exceeded $1 trillion globally in 2020, more than a 50% increase in two years. [4]
  • Phishing was the top cybercrime in the United States in 2020 accounting for more than 30% of all victims; while BEC attacks caused the great victim loss of $1.86 billion dollars. [4]
  • Account takeover fraud skyrocketed over 300% in Q2 2021 compared to Q2 2019. [4]
  • Vulnerabilities were up almost 10% in theNIST National Vulnerability Database in 2021. [4]
  • Cyber incidents are one of the top three business risks Analysis of proxy statements and Form 10 K filings revealed only 29% of Fortune 100 companies used education and training to mitigate cybersecurity risk, up 11% from 2018. [4]
  • Twentyfour percent of C suite executives and 54% of small business owners say they have no regular training on information security procedures or policies . [4]
  • Shred it) 20% of employees said their IT department provided no tips for working remotely. [4]
  • Phishing was part of 36% of all data breaches. [4]
  • The use of HTTPS on phishing sites rose sharply in 2020 with 72% making using of digital certificates and TLS encryption. [4]
  • BEC scam attempts increased 35% in 2020 compared to 2019. [4]
  • BEC cost companies more than $1.8 billion in 2019 with the average cost growing 48% in the first three quarters of 2020. [4]
  • 56% of employees use a personal computer when working from home; 25% don’t know the security protocols on their devices; and 20% said their IT department provided no tips for working from home. [4]
  • Remote work increasing the time to identify and contain a data breach according to 76% of respondentsCost of a Data Breach Report 2020, Ponemon Group and IBM Security). [4]
  • 54% of IT leaders surveyed believe remote working increases insider threat. [4]
  • Ransomware attacks increased 250% in the first half of 2021 . [4]
  • Ransomware attacks increased 485% in 2020 compared to 2019. [4]
  • The average ransomware payout was greater than $233,000 per event in the Q3 2020 up 31% from the Q2 with ransomware attack vectors being adjusted to the target organization size. [4]
  • Nearly half of U.S. consumers experienced identity theftU.S. Identity Theft The Stark Reality Identity related losses were estimated to increase by 42% between 2019 and 2020U.S. Identity Theft. [4]
  • One research study found that hackers attack computers every 39 seconds 63% C Suite executives report their employees have left confidential documents out in the open. [4]
  • Improper document disposal accounted for 14% of data breaches caused by physical attacks. [4]
  • 57% of employees still save passwords on sticky notes. [4]
  • Cyber attacks against IoT increased 35% in the first half of 2020 . [4]
  • 97% of organizations in 2020 faced mobile threats that used multiple attack vectors. [4]
  • Six in ten employees use non encrypted USB devices at work, while nearly half (48%). [4]
  • 46% of organizations had at least one employee download a malicious mobile application. [4]
  • Users misplacing devices is responsible for 64% of all mobile device losses while theft is responsible for 36%. [4]
  • 85% are outside of email,CyberNews). [4]
  • The number of stolen usernames and passwords in circulation has increased by 300% since 2018 . [4]
  • 44% of employees reuse passwords across personal & work. [4]
  • 51% of individuals and 49% of IT professionals sometimes or frequently share passwords with colleagues. [4]
  • 55% of individuals don’t use 2FA when they access work related items with a personal device. [4]
  • 62% of employees share passwords by text message and emailWorkplace Password Malpractice Report 2021, Keeper Security). [4]
  • 59% of IT security leaders expect Insider Risks to increase over the next two years2021 Data Exposure Report, Code42). [4]
  • 68% of organizations confirmed insider attacks were becoming more frequent. [4]
  • According to data analyzed by , Google reported more than 2 million phishing websites in 2020. [4]
  • The average healthcare worker has access to 31,000 sensitive files on their first day of work, including HIPPA protected information, and nearly 20% of all files are open to every employee. [4]
  • 73% of enterprise devices contain sensitive data. [4]
  • Employees are 85% more likely today to leak files than prior to the COVID. [4]
  • Since the COVID 19 pandemic began, the United States lost more than $36 billion of the $360 billion CARES Act due to unemployment fraud, with fraudulent claims accounting for 35% to 40% of new applications. [4]
  • Total complaints for Internet crimes in the United States spiked 69% during the pandemic. [4]
  • Worldwide there was a 350% increase in phishing websites in the first quarter of 2020, many targeting hospitals and healthcare systems. [4]
  • Sensitive data on endpoints has increased 41% since preCOVID. [4]
  • 18% of BEC attacks were made against Financial Services companies, greater than any other sector. [4]
  • Mobile phishing attacks against the Finance Sector grew 125% in 2020, the largest increase of any industry. [4]
  • Only 20% of Financial Services employees think an employee needs to be in the office 3 days per week or more and only 2% of employees would work in an office without a remote option. [4]
  • Account takeover fraud in Fintech exploded by 850% with most attacks focused on crypto and digital wallets. [4]
  • 48% of hospital executives forced a proactive shutdown in the last 6 months due to ransomware. [4]
  • The average cost of a data breach in the Healthcare sector increased 29.5% to $9.23 million in 2021, the highest cost of any sector. [4]
  • The number of healthcare breaches increased 55% over 2019. [4]
  • Ransomware Activity Targeting the Healthcare and Public Health Sector) Telehealth soared 63.4% in the U.S. in 2020. [4]
  • Attacks on healthcare endpoints in 2020 increased 9,851% from 2019 . [4]
  • Ransomware attacks targeting healthcare organizations have increased 45%. [4]
  • Approximately 60% of medical devices were at endof life with no security patches of upgrades available in 2018. [4]
  • Almost 25% of state and local government employees use personal unmanaged mobile devices, while almost 9 percent do in the federal government. [4]
  • 89% of Energy companies have defined their cybersecurity strategy, but only 44% have fully identified and protected their key processes and technological dependencies. [4]
  • Globally, the percentage of attacked industrial control systems in the second half of 2020 was 33.4 percent. [4]
  • 43% of energy sector companies that reported being hit by ransomware paid the ransom, the highest of any sector. [4]
  • There is increased demand for cyber insurance; the take up rate nearly doubled from 2016 – 2020, rising to 47%. [4]
  • 91% use security awareness to reduce cybersecurity risk related to user behavior. [5]
  • 64% use it to change user behavior. [5]
  • 61% use it to address regulatory requirements. [5]
  • 55% use it to comply with internal policies. [5]
  • 46% use awareness campaigns. [5]
  • 45% use in person security awareness training. [5]
  • 38% use monthly notifications or newsletters. [5]
  • An example model for development 10% formalAlthough it’s corporate training, formal content should be the least sections in your training material. [5]
  • 20% informalInformal content such as webinars, videos, and collaborations better engage users. [5]
  • 70% real experienceContent in this section should be customized to fit the organization’s culture and experience. [5]
  • Our customers have used our Anti Phishing Training Suite and our Continuous Training Methodology to reduce successful phishing attacks and malware infections by up to 90%. [5]
  • Security training has shown to reduce click rates by up to 50%. [5]
  • In 2015, the average cost of corporate data breaches increased by 15% compared to the previous year, reaching $3.5 million. [6]
  • Organizations should realize that no matter how much money they invest in intrusion detection, it would not actually help if the workforce is clicking on simple phishing emails 50% of Internet users receive at least one phishing email a day. [6]
  • More alarmingly, 97% of the people in the world cannot identify a phishing email and one in 25 actually clicks on such emails. [6]
  • SC Magazine Poll asked its readers if they think employee security awareness training is useful and 88.07% answered positively. [6]
  • According to the results of the 2014 US State of Cybercrime Survey, around 42% of respondents asserted that the security awareness training of new employees helped to deter attacks. [6]
  • Around 53% of companies have some form of security awareness training in place. [6]
  • For example, 80% of more than 400 West Point cadets still clicked on a phishing link even after having been subjected to a four hour security awareness training. [6]
  • 58% of companies worldwide had a security strategy in 2016, 52% had security standards for interaction with third parties and 49% conducted security threat assessments. [6]
  • The SANS 2015 Survey on Insider Threats revealed that 74% of CISOs are concerned about employees stealing information from their organizations. [6]
  • A PwC survey in 2015 revealed that 34% of attacks worldwide were conducted by current employees while another 28% were conducted by former ones. [6]
  • 72% of security incidents at financial services organizations actually involved either a current or former employee. [6]
  • More importantly, 50% of CEOs did not feel prepared for a cyber attack in 2015 which further proves the importance of security awareness. [6]
  • 99% of Internet users are vulnerable to exploit kits while education was the cause for 6.6% of all security incidents in 2015. [6]
  • Mobile devices were considered the weakest IT security link according to the 2015 Cyberthreat Defense Report and 58% of Internet users operate 3 or 4 devices on a daily basis. [6]
  • 59% of the respondents in the report asserted that mobile threats increased in the past year. [6]
  • According to Rob Kraus, random security training in organizations results in a 1015% reduction in the likelihood of a successful attack and consistency in training and estimating its effectiveness is needed to reach a 40. [6]
  • As evident, he clearly points out that a 100% reduction of successful attacks is impossible. [6]
  • Another study in a Fortune 50 organization led to 35% of the organization’s employees, who were subjected to a simulated phishing attack, to fall for it. [6]
  • , additional training was provided and after a follow up, only 6% were tricked, which winds up to an 84% decrease in susceptibility to the threat. [6]
  • 45% of employees participating in an EMA research study were a part of online interactive training, 47% were a part of noninteractive training and 41% were part of a traditional classroom. [6]
  • They aggregated the numbers and through such a training, the overall Phish prone percentage dropped from 15.9% to 1.2% in a year. [6]
  • 48% of the respondents of the EMA research study stated that their organization measured the effectiveness of the security awareness program; while 18% were certain that it was not measured and 34% did not have any idea whether progress was measured. [6]
  • Unfortunately, 62% of organizations measured effectiveness by training completion which is mere attendance and 55% used testing that occurred at the end of the session while they should be collecting metrics from employee behavior and testing. [6]
  • 71% of companies were subjected to a successful cyberattack but only 52% of them expected to be attacked again in 2015. [6]
  • Security incidents are on the rise in healthcare they rose by 60%, in the automotive industry they rose by 32% reportedly, and so on. [6]
  • Enterprises that have between 10,000 and 20,000 employees have only around 8% of untrained employees. [6]
  • Furthermore, 63% of businesses do not have a fully mature way to track and control the flow of their sensitive data while 59% of employees steal proprietary data when they quit or when they are fired. [6]
  • New KnowBe4 Statistics Reveal Security Awareness Training Reduces Phishing Susceptibility by 75% Companies Participating in KnowBe4 Internet Security Awareness Training. [7]
  • The findings, which are based on a case study of three KnowBe4 clients, revealed that between 26% and 45% of employees at those companies were Phish prone™, or susceptible to phishing emails. [7]
  • Implementation of ISAT immediately reduced that percentage by 75%; with subsequent phishing testing over four weeks resulting in a close to zero phishing response rate across all three companies. [7]
  • The results were alarming; KnowBe4’s phishing statistics revealed an average 36.67% click rate among the three companies. [7]
  • 45% Company B 39% Company C 26%. [7]
  • After the first email in the posttraining test campaign, Company A’s Phish prone percentage dropped to 28%, while Company B and Company C had a 0% click rate; resulting in an average of 9.33% across the three organizations. [7]
  • That represents an immediate overall 74.55% reduction in phishing susceptibility after the first training session. [7]
  • The second email in the campaign netted only a 7.10% response rate from Company A, while Company B and Company C held steady at 0%. [7]
  • Following the third email in the series, Company A had joined Company B at 0% phishing susceptibility, while Company C had a 1% response rate. [7]
  • The fourth email in the campaign – a message that appeared to have been sent from the companies’ own IT departments – fooled some employees at Company A (3.5%) and Company B (10%). [7]
  • By the fifth email in the test campaign, all three companies had achieve a 0% Phish prone rate; representing a full 100% reduction in susceptibility to phishing tactics. [7]
  • CNBC reports that small businesses also fall prey to hackers 43% of the time. [8]
  • 27% of employees clicked on an email phishing link during a pen test for a social engineering study. [8]
  • Only 30% of internet users in the U.S. know what malware is; 50% of users have been a victim of identity theft; Security awareness training is one way to manage such risks. [8]
  • Did you know that 91% of successful data breaches started with a spear phishing attack?. [9]
  • Did you know 81% of hacking related breaches used either stolen and/or weak passwords?. [9]
  • Global spending on security awareness training for employees predicted to reach $10 billion by 2027 Menlo Park, Calif. – Feb. 6, 2017. [0]
  • Of the 18 training companies in the report, Carpenter went on to write, 15 had yearover year revenue growth exceeding 25 percent and four had super growth of 100 percent. [0]
  • “You see Phish prone percentages go from an average of 15 to 20 percent down to one to two percent after a year,” he adds. [0]
  • Both Trend Micro and PhishMe found that more than 90 percent of successful hacks and data breaches stem from phishing, emails crafted to lure their recipients to click a link, open a document or forward information to someone they shouldn’t. [0]
  • Through the use of various security awareness techniques, he says, workforce susceptibility to phishing declined by more than 40 percent. [0]
  • At the City of San Diego, for instance, security incidents related to phishing dropped 15 to 20 percent during the first year of its security awareness program, but then they began to rise again. [0]
  • according to a survey of 1,000 CXO’s conducted in June 2020. [10]
  • Even more alarmingly, 93% of these CXO’s said they were forced to delay security projects in order to help manage their company’s transition to remote work. [10]
  • They all use a computer to do most of their work, with 43% working from an office, and 57% working remotely. [10]
  • Based on this scoring system, 60% of respondents failed the assessment. [10]
  • In fact, 7% of respondents answered every single question incorrectly, while less than 1% of respondents got all seven questions correct. [10]
  • Except 69% of all respondents have received cybersecurity training from their current employers. [10]
  • Of the respondents who have received training, 61% answered fewer than four questions correctly. [10]
  • And out of all the respondents who answered all seven questions wrong, 80% reported having received training. [10]
  • Despite their largely inherent familiarity with technology, employees aged 18 24 collectively performed the worst on the quiz, with only 16% of them passing. [10]
  • Twentyfive to 34year old’s tied with those aged 54 and over for the best collective performance, with a pass rate of 43%. [10]
  • But only 17% of employees in information services passed the quiz, compared to 57% of healthcare employees. [10]
  • And yet, 93% of respondents working in information services report receiving cybersecurity training, compared to 67% of healthcare respondents. [10]
  • According to a recent report by Deloitte, more than 500,000 people worldwide were affected by cyberattacks on video conferencing services between February and May of 2020. [10]
  • When we asked all respondents if they feel safe from cybersecurity threats, 56% responded “yes,” 25% “no,” and 19% “unsure.”. [10]
  • This reasoning offers an explanation as to why 74% of respondents who answered every single question incorrectly report feeling safe. [10]
  • Meanwhile, not one of the mere 4 of 1,200 respondents (0.33%). [10]
  • IBM’s 2014 Cybersecurity Intelligence Index found that 95% of breaches were caused by human error. [10]
  • A similar 2019 study conducted by CybSafe found that number to be 90% among UK cyber data breaches. [10]
  • According to our survey results, 77% of employees reported that their company has an established cybersecurity policy, but 19% of them admit they’re not familiar with it. [10]
  • A stunning 33% of employees store their passwords in their browsers — a habit that is far riskier than most realize. [10]
  • The company reconducted the study and revealed in October 2020 that the number is now around 100, a 25% increase. [10]
  • But it’s safe to say that this isn’t the case for at least 73% of respondents who aren’t using a password manager. [10]
  • That number drops down to 1% among employees who have completed training. [10]
  • Eighty eight percent use a password, compared to 79% of those without training. [10]
  • Forty eight percent use encryption, compared to 28% without training. [10]
  • And 29% of trained employees use a password manager, compared to 22% of those without training. [10]
  • There are two notable exceptions where employees with training actually exhibit more unsafe behavior than those without 34% of those with training still store their passwords in plaintext, compared to 16% of those without training. [10]
  • 60% use public WiFi to work, compared to 52% of those without training. [10]
  • Before the COVID 19 pandemic, 20% of attacks were carried out using previously unseen malware or other methods. [10]
  • That number has jumped up to 35% since the start of the pandemic. [10]
  • 32%of remote employees use a password manager, compared to only20%of office employees. [10]
  • 49%of remote employees protect their laptops using encryption, compared to32%of office workers. [10]
  • 65%of office workers report they sometimes use their personal devices for work, compared to49%of remote workers who said the same 36%of office workers store their passwords in plaintext, compared to only22%of remote workers. [10]
  • In fact, research shows that human error is involved in more than 90% of all security breaches. [11]
  • Research suggests that human error is involved in more than 90% of security breaches. [11]
  • According to 2020 Gone Phishing Tournament simulation results, 1 in every 5 users may click on a phishing email link and potentially compromise sensitive data. [12]
  • The more a security awareness training program is aligned with proven pedagogical learning techniques, such as the Terranova Security 5 step framework, the more likely it is to attain its behavior change objectives. [12]
  • According to Cybint, 95% of cybersecurity breaches are caused by human error. [1]
  • 95% of cybersecurity breaches are caused by human error. [1]
  • 88% of organizations worldwide experienced spear phishing attempts in 2019. [1]
  • 68% of business leaders feel their cybersecurity risks are increasing. [1]
  • On average, only 5% of companies’ folders are properly protected. [1]
  • 86% of breaches were financially motivated and 10% were motivated by espionage. [1]
  • 45% of breaches featured hacking, 17% involved malware and 22% involved phishing. [1]
  • and .dot which make up 37%, the next highest is .exe. [1]
  • An estimated 300 billion passwords are used by humans and machines worldwide. [1]
  • Personal data was involved in 58% of breaches in 2020. [1]
  • Security breaches have increased by 11% since 2018 and 67% since 2014. [1]
  • 64% of Americans have never checked to see if they were affected by a data breach. [1]
  • 56% of Americans don’t know what steps to take in the event of a data breach. [1]
  • The average ransomware payment rose 33% in 2020 over 2019, to $111,605. [1]
  • 94% of malware is delivered by email. [1]
  • 48% of malicious email attachments are office files. [1]
  • Ransomware detections have been more dominant in countries with higher numbers of internet connected populations, and the U.S. ranks highest with 18.2% of all ransomware attacks. [1]
  • Most malicious domains, about 60%, are associated with spam campaigns. [1]
  • About 20% of malicious domains are very new and used around one week after they are registered. [1]
  • 65% of groups used spear phishing as the primary infection vector. [1]
  • Phishing attacks account for more than 80% of reported security incidents. [1]
  • 30% of data breaches involve internal actors. [1]
  • 90% of remote code execution attacks are associated with cryptomining. [1]
  • 66% of companies see compliance mandates driving spending. [1]
  • 15% of companies found 1,000,000+ files open to every employee. [1]
  • 17% of all sensitive files are accessible to all employees. [1]
  • About 60% of companies have over 500 accounts with non. [1]
  • More than 77% of organizations do not have an incident response plan. [1]
  • Companies reportedly spent $9 billion on preparing for the GDPR and, in 2018, legal advice and teams cost UK FTSE 350 companies about 40% of their GDPR budget or $2.4 million. [1]
  • 88% of companies spent more than $1 million on preparing for the GDPR. [1]
  • Since the GDPR was enacted, 31% of consumers feel their overall experience with companies has improved. [1]
  • By 2019, only 59% of companies believed they were GDPR compliant. [1]
  • 70% of companies agree that the systems they put in place will not scale as new GDPR regulations emerge. [1]
  • The healthcare industry lost an estimated $25 billion to ransomware attacks in 2019. [1]
  • More than 93% of healthcare organizations experienced a data breach in the past three years. [1]
  • 15% of breaches involved healthcare organizations, 10% in the financial industry and 16% in the public Sector. [1]
  • Trojan horse virus Ramnit largely affected the financial sector in 2017, accounting for 53% of attacks. [1]
  • Financial and manufacturing services have the highest percent of exposed sensitive files at 21%. [1]
  • Manufacturing companies account for nearly a quarter of all ransomware attacks, followed by the professional services with 17% of attacks, and then government organizations with 13% of attacks. [1]
  • The U.S. government allocated an estimated $18.78 billion for cybersecurity spending in 2021. [1]
  • Lifestyle (15%) and entertainment (7%). [1]
  • Supply chain attacks were up 78% in 2019. [1]
  • Security services accounted for an estimated 50% of cybersecurity budgets in 2020. [1]
  • The total cost of cybercrime for each company increased by 12% from $11.7 million in 2017 to $13.0 million in 2018. [1]
  • In 2019 over 2020, Scandinavia saw the largest increase in total cost of data breaches at 12%, while South Africa saw the largest decrease at 7.4%. [1]
  • 50% of large enterprises are spending $1 million or more annually on security, with 43% spending $250,000 to $999,999, and just 7% spending under $250,000. [1]
  • More than 70 percent of security executives believe that their budgets for fiscal year 2021 will shrink. [1]
  • Since the pandemic began, the FBI reported a 300% increase in reported cybercrimes. [1]
  • 27% of COVID. [1]
  • target banks or healthcare organizations and COVID 19 is credited for a 238% rise in cyberattacks on banks in 2020. [1]
  • Confirmed data breaches in the healthcare industry increased by 58% in 2020. [1]
  • 52% of legal and compliance leaders are concerned about thirdparty cyber risks due to remote work since COVID. [1]
  • 47% of employees cited distraction as the reason for falling for a phishing scam while working from home. [1]
  • 81% of cybersecurity professionals have reported their job function changed during the pandemic. [1]
  • Cloud based cyber attacks rose 630% between January and April 2020. [1]
  • Remote workers have caused a security breach in 20% of organizations. [1]
  • 27% of COVID19 cyberattacks target banks or healthcare organizations and COVID 19 is credited for a 238% rise in cyberattacks on banks in 2020. [1]
  • Confirmed data breaches in the healthcare industry increased by 58% in 2020. [1]
  • 61% of companies think their cybersecurity applicants aren’t qualified. [1]
  • 70% of cybersecurity professionals claim their organization is impacted by the cybersecurity skills shortage. [1]
  • Since 2016, the demand for Data Protection Officers has skyrocketed and risen over 700%, due to the GDPR demands. [1]
  • 61% of cybersecurity professionals aren’t satisfied with their current job. [1]
  • There was a 350 percent growth in open cybersecurity positions from 2013 to 2021. [1]
  • 40 percent of IT leaders say cybersecurity jobs are the most difficult to fill. [1]
  • The cybersecurity unemployment rate is 0% and is projected to remain there through 2021. [1]
  • By 2021, 100% of large companies globally will have a CISO position. [1]
  • Information Security Analysts job positions in the US are expected to grow 31% from 2019–29. [1]
  • Computer Network Architect job positions in the US are expected to grow 5% from 2019–29. [1]
  • Computer Programmer job positions in the US are expected to decline 9% from 2019–29. [1]
  • And according to Ponemon, the average 10,000 employee company spends $3.7 million a year on dealing with phishing attacks. [2]
  • “Now we’re in the 5 to 8 percent fail rate,” said Steve Rocco, the company’s global cyber security manager. [2]
  • Survey Reveals 24% of Healthcare Employees Have Had No Security Awareness Training. [13]
  • 59% of healthcare respondents said their employer continued to provide security awareness training throughout 2020; however, the survey revealed 24% of healthcare respondents said their employer had not provided any security awareness training. [13]
  • Out of all industry sectors, healthcare employees were the least aware of social engineering threats such as phishing and business email compromise , with only 16% of healthcare employees saying they understood those threats very well. [13]
  • KnowBe4 says when employees are provided with training once a month they are 34% more likely to believe clicking a link in an email is a risky behavior than employees that only receive training once or twice a year. [13]
  • 61% of respondents in healthcare knew that their organization was required to comply with HIPAA, but 19% said they were unsure. [13]
  • 20% said they knew or believed their organization was not a HIPAA. [13]
  • Conceringly, 56% of Americans don’t know what steps to take in the event of a data breach. [14]
  • According to Verizon’s 2019 Data Breach Investigations Report, 32% of breaches involved phishing. [14]
  • By some estimates, up to 30% of the workforce will be workingfrom home at least two days per week by 2021, estimates Kate Lister, President of Global Workplace Analytics. [14]
  • Many companies were unprepared for this dramatic change as only 3.6% of the U.S. employee workforce worked remotely half time or more before the pandemic. [14]
  • From January to February, researchers from Barracuda Networks reported a 667% spike in COVID 19 related email attacks. [14]
  • Unfortunately, 78% of employees are aware of the risks of suspicious links in emails but click on them anyway. [14]
  • Even worse, only 16 20% of people admitted to clicking on the suspicious link in the study. [14]
  • 9 out of 10 U.S. businesses fall victim to cybersecurity incidents each year, according to an HSB Survey. [14]
  • According to a study from Mimecast, only 45% of organizations provide formal security awareness training that is mandatory for all employees. [14]
  • Shockingly, merely 10% of organizations have training programs available, and they are only optional. [14]
  • Studies show security related risks are reduced by 70% when businesses invest in cybersecurity awareness training. [14]
  • 45% of employees receive no security training at all from their employer, according to a survey conducted by CompTIA. [14]
  • Even a modest investment in security awareness and training has a 72% chance of significantly reducing the business impact of a cyber attack. [14]
  • Data breaches cost UK organisations an average of £2.9 million In 2019, human error accounted for 90% of breaches Those facts alone are usually enough to convince people security awareness training is important. [15]
  • A recent survey by Arcserve , shows that 70% of consumers believe businesses aren’t doing enough to ensure cyber security. [15]
  • Nearly 2 out of every 3 consumers would likely avoid doing business with a business that had experienced a cyberattack in the past year. [15]

I know you want to use Security Awareness Training Software, thus we made this list of best Security Awareness Training Software. We also wrote about how to learn Security Awareness Training Software and how to install Security Awareness Training Software. Recently we wrote how to uninstall Security Awareness Training Software for newbie users. Don’t forgot to check latest Security Awareness Training statistics of 2024.


  1. cybersecurityventures –
  2. varonis –
  3. csoonline –
  4. pensar –
  5. securitymentor –
  6. proofpoint –
  7. infosecinstitute –
  8. knowbe4 –
  9. itsasap –
  10. knowbe4 –
  11. talentlms –
  12. mimecast –
  13. terranovasecurity –
  14. hipaajournal –
  15. touchstonesecurity –
  16. cybsafe –

How Useful is Security Awareness Training

The rapid increase in cyberattacks highlights the urgent need for education and awareness about security best practices among all stakeholders. Security awareness training equips individuals, from employees to executives, with the knowledge and skills necessary to recognize and respond to potential threats effectively. By enhancing employees’ understanding of potential risks and their roles and responsibilities in keeping data safe, organizations can significantly reduce the likelihood of cyber incidents and their associated costs.

Perhaps one of the greatest benefits of security awareness training lies in its ability to instill a culture of cybersecurity within organizations. While advanced technologies and sophisticated cybersecurity solutions are important, they are not foolproof. Employees continue to be a weak point in the security chain, often unwittingly falling prey to cleverly crafted phishing emails or downloading malicious files. Security awareness training helps bridge this gap by actively involving and engaging employees in the protection of the organization’s assets.

Moreover, as technology continues to advance and cyber threats become increasingly complex, security awareness training is a crucial defense mechanism that must keep pace. By raising awareness of emerging threats, the training equips individuals to identify new types of attacks promptly. This proactive approach empowers employees to remain vigilant, constantly updated on the latest risks and vulnerabilities in their digital ecosystem. With this knowledge, they can adapt their behaviors and practices accordingly, ensuring that they play an active role in safeguarding their organization’s information.

Another key advantage of security awareness training is its capacity to enhance an individual’s personal cybersecurity practices. In the interconnected world we live in, the line between personal and professional online activities is often blurred. Hence, by educating individuals about the risks they face and the necessary precautions to take, security awareness training helps extend protection beyond the workplace, to their personal devices and digital lives.

Critics may argue that security awareness training is time-consuming and expensive without tangible and immediate results. However, investing time and resources in training programs are critical for individuals and organizations to stay agile and resilient against evolving cyber threats. Engaging and interactive training sessions can significantly mitigate the risks by developing a robust cybersecurity posture that fosters a sense of personal accountability for all stakeholders.

In conclusion, security awareness training offers a wide array of benefits that make it highly useful in today’s cybersecurity landscape. By incorporating this proactive learning approach, organizations can empower their workforce to identify and mitigate cyber threats effectively. Furthermore, a culture of security awareness can extend from the workplace to individuals’ personal lives, safeguarding everyone’s data and privacy. Ultimately, continuous investment in security awareness training is indispensable in the ongoing battle against cybercrime.

In Conclusion

Be it Security Awareness Training benefits statistics, Security Awareness Training usage statistics, Security Awareness Training productivity statistics, Security Awareness Training adoption statistics, Security Awareness Training roi statistics, Security Awareness Training market statistics, statistics on use of Security Awareness Training, Security Awareness Training analytics statistics, statistics of companies that use Security Awareness Training, statistics small businesses using Security Awareness Training, top Security Awareness Training systems usa statistics, Security Awareness Training software market statistics, statistics dissatisfied with Security Awareness Training, statistics of businesses using Security Awareness Training, Security Awareness Training key statistics, Security Awareness Training systems statistics, nonprofit Security Awareness Training statistics, Security Awareness Training failure statistics, top Security Awareness Training statistics, best Security Awareness Training statistics, Security Awareness Training statistics small business, Security Awareness Training statistics 2024, Security Awareness Training statistics 2021, Security Awareness Training statistics 2024 you will find all from this page. 🙂

We tried our best to provide all the Security Awareness Training statistics on this page. Please comment below and share your opinion if we missed any Security Awareness Training statistics.

Leave a Comment