Cyber Security Awareness Report Reveals Knowledge Gaps Pose Major Enterprise Security Risks

Social media and remote working topics the least understood, while healthcare, telecommunications, retail and transportation industries struggle the most, reveals Wombat Security report

Pittsburgh, PA (Sept. 8, 2016) – Wombat Security Technologies (Wombat), the leading provider of cyber security awareness and training, has announced the release of its Beyond the Phish report, an analysis of nearly 20 million questions and answers indicating how well end users are able to identify and manage security threats within an enterprise.

The report reveals that many cybersecurity threats prevalent today, such as oversharing on social media, unsafe use of WiFi, and exposure of confidential company data, are dangers in their own right but could also be considered contributing factors to the ever-growing problem of phishing.

In the last year, the number of organizations that reported being a victim of phishing has increased 13%, and 60% of enterprises said the rate of phishing attacks has increased overall.(1)

“Clearly, phishing is a focus area across the industry, but the efforts can’t stop there,” said Joe Ferrara, President and CEO of Wombat. “To reduce cyber risk in organizations, security education programs must teach and assess end users across many topic areas, like oversharing on social media and proper data handling. Many of these risky behaviors exacerbate the phishing problem.”

Key findings from the report that show room for improvement include:

  • The No. 1 problem area for end users, with 31% of questions missed, is safe social media use; yet only 55% of security professionals assess employee knowledge on this topic.
  • End users missed 30% of questions about protecting and disposing of data securely, second only to safe social media use.
  • Professional services and healthcare employees performed the lowest on the nearly 1 million questions asked about safe passwords.
  • While healthcare was the industry that had the highest assessment percentage on end users’ ability to protect confidential information, 31% of questions on the topic were missed by those in the industry.

Furthermore, with the rise in remote working and end users who value the ability to work outside of the office, organizations need to educate their employees on how to stay safe while they are away from it. Improper use of free WiFi, inattention to physical security, lax data protections, and the lack of security guidelines during travel led to end users missing 26% of questions on this important topic.

“We should all be thankful to Wombat Security for sharing empirical data from nearly 20 million actual end-user assessments!” comments Derek Brink, CISSP, Vice President and Research Fellow, Aberdeen Group. “The findings here are clear – organizations that measure user knowledge on a variety of security topics are gaining valuable insights into the most important factors of security risk, which can focus their efforts to address it. Depth of data, combined with a continuous, metrics-based approach to end-user security education, results in a solid knowledge improvement program. In my own analysis, successfully changing user behaviors has helped Wombat customers reduce security-related risks by about 60%.”

While there is room for improvement in all risk areas, the report also highlights categories where employees have answered the highest percentage of questions correctly:

  • 90% of questions were answered correctly about building safe passwords.
  • 85% of questions were answered correctly on how to best protect against physical risks, such as ensuring no one follows you into a secure area or not leaving sensitive files on your desk.
  • 79% of organizations assess end users on internet safety, and 84% of the questions in this category were answered correctly.

About the Report

The report evaluated nearly 20 million questions asked and answered in Wombat’s Security Education Platform over the past two years, and highlights the areas end users struggle with the most and those where they answered the most questions correctly. Of the organizations that participated, 20% were in financial industries, 13% in technology, 11% in healthcare, and others in verticals including manufacturing, professional services, education, insurance, retail, energy, government, telecommunications, and consumer goods.


1. 2016 State of the Phish Report, Wombat Security Technologies and ThreatSim, January 27, 2016.

About Wombat Security Technologies

Wombat Security Technologies provides information security awareness and training software to help organizations teach their employees secure behavior. Their SaaS-based cyber security education solution includes a platform of integrated broad assessments, as well as a library of simulated attacks and brief interactive training modules. Wombat’s solutions help organizations reduce successful phishing attacks and malware infections by up to 90%. Wombat, recognized by Gartner as a leader in the Magic Quadrant for Security Awareness Computer-Based Training Vendors, is helping Fortune 1000 and Global 2000 customers in industry segments such as finance and banking, energy, technology, higher education, retail and consumer packaged goods to strengthen their cyber security defenses.

SOURCE: Wombat Security Technologies