Security Innovation, a leader in software security assessment and training revealed the results of their sponsored study with Ponemon Institute, the 2023 Study on Cybersecurity Training Benchmarks: The Value of Realistic Simulation. This second edition of the report examines cybersecurity training trends for more than 1,000 organizations in 17 countries.
The report revealed a growing embrace of realistic simulations in training programs with respondents ranking this feature as both highly effective and delivering the greatest ROI compared with other cybersecurity training program components.
CIO INFLUENCE: Exascend Launches Industrial-Grade SD and MicroSD Cards to Meet Growing IoT Edge Storage Demand
Key findings of the 2023 Study on Cybersecurity Training Benchmarks
The report found significant positive shifts in training programs since 2020.
- 24% Increase in Realistic Simulations: 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020. ROI for cybersecurity programs incorporating realistic simulation grew from an average of 30% in 2020 to 40% in 2023.
- Relevant Content and Broad Adoption: More than half (53%) of companies include training as part of the onboarding process, with 55% of programs incorporating content tailored to a learner’s specific job role, an increase of 12% over 2020. The broad adoption of cybersecurity training practices was shown to substantially improve a company’s Security Effectiveness Score (SES) and strengthen its overall security posture.
- Training moves to the cloud: Driven by a remote workforce, in-person and classroom training venues declined by 50% as programs move to cloud-based platforms.
- Accountability: Many companies have implemented accountability measures by making training requirements mandatory – 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020 – while 53% now report results to C-level executives in their organization, up from 31% in 2020.
“Companies are investing considerable amounts to address the growing cybersecurity skills gap. As a result, we are seeing broader adoption of training best practices and increased scrutiny around program results, although there is still a long way to go. Realistic simulations and role-based learning are key to program effectiveness and ROI,” said Dr. Larry Ponemon, founder of the Ponemon Institute.
“The findings in the Ponemon Report reflect what we’ve experienced with our clients over the last decade, namely the need for engaging training methods that teams actually want and managers can measure,” said Ed Adams, CEO of Security Innovation. “Our complete coverage for all those that build, operate, and defend software combined with the industry’s only software-focused cyber range are unrivaled in accelerating job-specific security skills development.”
CIO INFLUENCE: CSI Adds IT Governance to Advisory Services Offering as Cybersecurity, Regulatory Landscapes Grow in Complexity
Cybersecurity training investment increased by 20%
Cybersecurity training budgets have steadily increased despite the decline in in-person training. On average, organizations spend $3.5 million annually on cybersecurity programs, a 20% increase over 2020 while large enterprises can spend up to $6 million annually.
Best Practices for Effective Training
Ponemon collected seventeen benchmarks from study participants and grouped the benchmarks into three categories: content, measurement and governance and delivery. Of these, the following factors were ranked as having the greatest impact on training program effectiveness and program ROI:
- Training includes realistic simulations
- Content is tailored to a learner’s job role
- Methods are available to measure training program effectiveness
- Results are reported to C-level executives
- Broad adoption
Dr. Larry Ponemon, founder of the Ponemon Institute, a research “think tank” dedicated to advancing privacy, data protection and information security practices will join Amy Severson, Director of Customer Success at Security Innovation for a discussion on Making Security Skills Stick – Findngs from Ponemon Research on May 23, 2023 at 12 pm EDT. Register for the webinar here. To learn more about the Ponemon Institute’s findings on Cybersecurity Training Benchmarks, download the study or view the infographic from Security Innovation.
CIO INFLUENCE: SEEQC Unveils Italy’s First Quantum Computing System
[To share your insights with us, please write to sghosh@martechseries.com]