The Long-Term Effects of Phishing Awareness Training

Employees forget the guidance given on phishing training courses within six months, new research has revealed.

The findings, which were presented at the USENIX SOUPS security conference in August, were the result of a year-long investigation into the effectiveness of staff awareness training.

The researchers studied hundreds of employees, splitting them into groups and providing them with phishing awareness training at various intervals.

They found that the majority could identify phishing emails four months after receiving training, but those who went six months or longer without training lost the benefits provided by the initial training.

This demonstrates how important it is to commit to regular staff awareness training. According to Centrify, only 23% of employees receive any formal training – but as this research indicates, this must be repeated at regular intervals.

The problem is that the effects of this training wear off over time, leaving you exposed to phishing scams unless employees are given refreshers.

Ideally this would happen once per quarter – or at the very least once every six months.

What type of training works best?

According to the researchers, staff awareness training works best when there is a visual component – whether a video or an interactive element.

By contrast, education that consists entirely of text – such an email or a set of policies – was less effective, with the lessons largely forgotten within one month.

That’s not to say that organisations shouldn’t bother with text-based instructions. Policies, processes and updates are the backbone of an effective cyber security strategy and should complement your training programme, but your programme needs to encompass more than just text to be effective.

Organisations that want to give staff the necessary training should take a look at our Phishing Staff Awareness and Challenge Game Package.

It contains a variety of engaging ways to reinforce employees’ understanding of phishing, including our interactive game, where your staff can put their knowledge to the test.

This bundle also contains real-world examples of scams, explains the consequences of falling victim and explains how you can spot a scam and stay safe.

Refresh your staff’s memory through our sustained data security and privacy awareness training programme.

Repeat. Comply. Thrive.

Subscribe to our annual e-learning staff awareness programme.