Cybersecurity Education Cuts Frequency of Intrusions and Breaches by 67%

https://cxotoday.com/cybersecurity/cybersecurity-education-is-proven-to-lower-the-frequency-of-intrusions-and-breaches-by-67/

Publish Date: 2026-03-15 22:52:00

Source Domain: cxotoday.com

A new report on security awareness and training suggests that organisations are progressing on the path to stronger cyber resilience, but significant gaps remain in employee readiness, training completion, and consistency of security practices.
Fortinet’s 2025 Security Awareness and Training Global Research Report suggests that security awareness training is rapidly evolving from a routine compliance exercise into a measurable control for reducing cyber risk. Listed below are some of the key takeaways from the report:
AI is raising awareness, but employee readiness remains uneven
AI-driven threats have changed how employees and leaders think about cybersecurity. Nearly nine in 10 organizations say attackers’ use of AI has increased employee awareness of why security training matters. But awareness is not the same as readiness. Only about 40% of leaders say their employees are truly prepared to identify, avoid, and report AI-based cyberthreats.
Most organizations are responding by training employees on the proper use of generative AI (GenAI) tools, monitoring or restricting sensitive data sharing, and implementing formal AI security policies. Nearly all respondents say they already have, or are actively implementing, security policies for AI and large language model (LLM) tools. The direction is clear. The gap is execution and consistency.
External threats drive adoption, but insider risk is rising fast
External threats, past breaches, and industry incidents remain the top reasons organizations invest in security awareness training. More than 40% of respondents cite these factors as the primary driver. What has changed is the rise in concern about internal risk. More than a quarter of organizations now point to insider risk as a reason for adopting training, a sharp increase from last year.
Training priorities reflect this shift. While data security and data privacy remain the top topics, AI-based tools and threats aren’t far behind. This alignment matters. It shows that organizations are starting to connect real-world risk with what employees are taught, rather than treating training as generic compliance content.
Security awareness training reduces incidents and there’s proof too
One of the strongest findings in the report is that training works. Sixty-seven percent of organizations report moderate or significant reductions in intrusions, incidents, and breaches after implementing security awareness and training.
Measurement practices are also maturing. The most common indicators include reduced security incidents, employee feedback, and security audits. Many organizations now combine in-person and computer-based training with simulations, assessments, and ongoing reinforcement. This reflects a shift away from one-time training toward programs designed to change behavior and reduce risk over time.
Completion rates and consistency remain weak
Despite better measurement and better results, most organizations still struggle with follow-through. Only a small percentage report full training completion. At the same time, nearly seven in 10 leaders say employees still lack sufficient security awareness.
This helps explain the gap between investment and outcomes. Training that is not completed, not reinforced, or not kept current as the threat landscape changes cannot deliver its full value. The report points to practical improvements: shorter and more frequent training modules, clearer accountability for completion, better alignment between content and current threats, and visible leadership support. Additionally, the need for regular micro training is becoming more important to keep up with the advancements in AI.
Security awareness is shifting from procedural to cultural
Most leaders now see security awareness as a shared responsibility across the organization, not just an IT or security function. Nearly all are also open to using policy to manage high-risk behavior, especially when it is paired with training that explains the rationale behind those policies.
This is an important shift. Effective security awareness training is not just about passing a test. It is about shaping daily decisions, reinforcing good behavior, and reducing risk where work actually happens.
What does this mean for 2026 and the years ahead?
The data is straightforward. Security awareness training reduces incidents. And organizations that invest in it and measure it see real results. But AI is accelerating both attacker capabilities and business adoption. At the same time, insider risk is growing. And too many programs still lose impact because of low completion rates or outdated content. To be effective, training has to be continuous, relevant, and treated as a core risk management control, not a side project.
India’s rapid digitization is fundamentally reshaping industries, government services, and daily life. Yet, even as organizations scale their adoption of cloud, AI, and digital platforms, the human element remains a cornerstone of cybersecurity.
According to Vishak Raman, Vice President of Sales (India, SAARC, SEA & ANZ) at Fortinet, security awareness and training serve as the primary defense against threats rooted in social engineering and human error. By empowering employees to recognize and respond to suspicious activity, organizations can drastically lower their risk exposure. Ultimately, as AI and emerging technologies continue to evolve, cultivating a cyber-aware workforce through continuous education will be vital to securing the nation’s digital future.