- Most Cybersecurity Awareness Month (CAM) activities are promoted and carried out individually online, with only 26% discussing upcoming events in meetings, and a newsletter being the most popular CAM activity (62%).
- Activities are mandatory in just 37% of the organizations that participate in CAM.
- 67% of respondents feel that CAM activities should be tailored to different departments within an organization, and 46% feel they should be individually tailored.
Boston, London, 1st July 2024 – New research from CybSafe, the human risk management platform, has found only 42% of people feel their organization’s current cybersecurity awareness training is sufficient. Following the COVID-19 pandemic, most activities have remained individual and online, with organizations opting for newsletters, webinars, and e-learning over in-person sessions and competitions. As a result, workers are seeking other ways to make events more engaging and human, with the most popular desired format being in-person sessions (44%).
The study, which asked 1,000 office workers across the UK and US about their awareness of, participation in, and opinions on Cybersecurity Awareness Month, highlights a significant gap in the perceived effectiveness of current methods.
Cybersecurity remains an option – not a necessity
Awareness of Cybersecurity Awareness Month (CAM) is still limited. Only 15% of respondents reported participating in CAM. The primary reasons for this low participation include a lack of awareness of the event (56%), differing organizational priorities (40%), and the absence of a dedicated cybersecurity team to organize it (29%). Despite this, among those who do participate, 71% pay attention to the activities at least most of the time, showing high engagement when the event is recognized and supported.
Interestingly, only 37% of participants whose organizations partake in the event say it is mandatory, suggesting it is viewed more as an option rather than an essential business function.
Cybersecurity Awareness Month: An Individual Endeavor?
People are predominantly informed about Cybersecurity Awareness Month (CAM) activities through channels like email (81%), internal newsletters (48%), and intranet (39%), with more personal options like meetings representing just 25%. This suggests from the outset that CAM is perceived as an individual activity rather than a team-oriented initiative.
Similarly, activities carried out during CAM are often online and participated in individually. The most popular options for activities during CAM are newsletters/emails (62%), webinars (43%), and live web-based training (36%). In-person training sessions and workshops are utilized by 36% of organizations, indicating some see the importance of community in developing cyber capabilities, though it remains a minority.
What types of activities are typically organized by your organization for Security Awareness Month? (select all that apply)
With activities being so individual, people view participation in them through that same lens. When asked what would cause them to pay more attention to cyber activities, the most popular answer by far was incentives and rewards. This response stems from an individualistic mindset, perhaps bred by the nature of the activities carried out. Respondents also wanted to see real-world examples (34%), hoping to understand how this impacts their role.
Respondents see the benefit of tailored activities. After all, no two jobs are the same, and more tailored training aimed at the risks dominant in each department can be an effective way to reduce risk. 67% of respondents believed CAM activities should be tailored to different departments within the organization, and 47% even said this level of personalization should be on an individual level.
Workers want a more human approach to human security
When asked what motivates or would motivate participation in Cybersecurity Awareness Month (CAM) activities, the desire to protect personal information was the dominating response (77.8%). This was closely followed by a desire to protect their organization’s information, with almost 6 in 10 respondents emphasizing a sense of collective responsibility that organizations aim to promote.
In response to many organizations’ current approach to CAM, workers expressed a desire for a more human-centered approach. When asked which activities are most effective for learning about cybersecurity, in-person training (44%) was the most popular option, followed by quizzes and games (39.8%). This suggests a preference for interactive and collaborative methods, indicating that employees value connection with coworkers to enhance their sense of collective responsibility.
Dr. Jason Nurse, Director of Science and Research at CybSafe, commented on the findings, stating, “This research serves as a reminder to cybersecurity professionals that fostering a sense of collective responsibility requires a human-centric approach. Human risk management is inherently a human endeavor.
“As organizations prepare for Cybersecurity Awareness Month, they should prioritize activities that are relevant to employees’ job roles and designed to actively engage them. This will not only enhance participation, but also lead to a more significant impact on security behaviors across the workforce.”
To read the full report on the opinions and impacts of Cybersecurity Awareness Month, visit: www.cybsafe.com/press/who-cares-about-cybersecurity-awareness-month
Access the full study insights to discover who cares about cybersecurity awareness month
About CybSafe
CybSafe is the human risk management platform designed to reduce human cyber risk in the modern, remote, and hybrid work environment, by measuring and influencing specific security behaviors.
CybSafe is powered by SebDB—the world’s most comprehensive security behaviors database—and built by the industry’s largest in-house team of psychologists, behavioral scientists, analysts, and security experts. An award-winning, fully scalable, and customizable solution, it’s the smart choice for any organization.
- 91% Reduction in high-risk phishing behavior
- 55% Improvement in security behaviors
- 4x More likely to engage in cybersecurity initiatives