10 statistics that show why training is key to good data protection


When it comes to cybersecurity, having the right technology, policies and a proactive IT strategy are a good start. But effective and regular employee training and awareness programmes are the real key to preventing common threats from crippling your business.

Check out our infographic below: 10 statistics that prove why cyber security training is the key to good data protection. We’ve compiled the most recent compelling research into why you need to invest regularly in training your employees.

The cyber landscape is fast-paced with new, business-crippling threats appearing daily. Ensure your staff and teams have the right training to protect your business, your data and your clients.

Feel free to save and share the statistics with your colleagues by clicking on the infographic, or refer to the plain text version of this information underneath the infographic.


Infographic - 10 cybersecurity training statistics

Click the infographic to open a PDF copy.

Human error is behind most successful cyberattacks

  • 95% of cybersecurity breaches are caused by human error.[1]
  • The proportion of businesses targeted by cyber criminals in the past year increased from 38% to 43%, many suffering multiple attacks.[2]
  • Terranova Security’s 2020 Gone Phishing Tournament results showed that almost 20% of all employees are likely to click on phishing email links.  67% of those will then go on to enter the requested details into a phishing website! Meaning that 13.4% of employees will potentially enter passwords and personal details to a phishing site![3]
  • 68% of business leaders feel their cybersecurity risks are increasing.[4]
  • In the first 6 months of 2021, the UK lost £1.3Bn to fraud and cybercrime.[5]

The business case for cybersecurity training

  • 93% of cybersecurity professionals agree that humans and technology need to work together to detect and respond to threats, like phishing attacks.[6]
  • Since the pandemic began, the FBI reported a 300% increase in reported cybercrimes.[7]
  • According to research by Ponemon, even the least effective training programmes have a 7-fold return on investment.[8]
  • Security-related risks are reduced by 70% when businesses invest in cybersecurity training and awareness.[9]
  • Remote workers have caused a security breach in 20% of organisations.[10]

7 do’s and donts for effective cybersecurity training

  • Do extend training to everyone in your organisation – not just leaders or IT staff.
  • Do experiment with simulated attacks, drills and tests.
  • Do prioritise topics like password security, threat response and device security in separate sessions.
  • Do ensure that mobile devices used for your business, whether corporate or personal, are secure, and your remote working cybersecurity policy is presented to and understood by all staff.
  • Don’t attempt to teach everything in one session.
  • Don’t default to videos and classroom-style sessions that arent engaging.
  • Don’t assume one session is enough. Training should be ongoing!

If you’d like to learn more about effective staff cybersecurity training, get in touch with the team here at Pensar, if you click though here, you can book a meeting directly with Mark Williams to discuss your requirements.

New call-to-action


What is Managed Services, and what do Managed Service Providers do?
How poor internal communications affects your business