When it comes to cybersecurity, having the right technology, policies and a proactive IT strategy are a good start. But employee training and awareness are the real key to preventing common threats from crippling your business.

Check out this infographic of 10 statistics that prove why cyber security training is the key to good data protection. You can save and share the image with you colleagues, or refer to the plain text version below.


Pensar Infographic - 10 statistics that show why training is the key to good data protection and cybersecurity-2-01


New call-to-action

Human error is behind most successful cyberattacks

  • 95% of successful cyberattacks are the result of a phishing scams1]
  • 52% of business leaders dont know what to do in the event of a cybersecurity incident.[2]
  • 78% of employees are aware of the risks of suspicious links in emails...but click on them anyway.[3]
  • 45% of employees receive no cybersecurity training from their employer.[4]


The business case for cybersecurity training

  • Security-related risks are reduced by 70% when businesses invest in cybersecurity training and awareness.[5]
  • 93% of cybersecurity professionals agree that humans and technology need to work together to detect and respond to threats, like phishing attacks.[6]
  • A modest investment in security awareness and training has a 72% chance of significantly reducing the business impact of a cyber attack.[7]
  • According to research by Ponemon, even the least effective training programmes have a 7-fold return on investment.[8]
  • Most cybersecurity training programmes result in a 37-fold return on investment.[9]
  • Only of UK businesses had staff take part in cybersecurity training in the 2016.[10]


6 do’s and donts for effective cybersecurity training

  • Do extend training to everyone in your organisation - not just leaders or IT staff.
  • Don’t default to videos and classroom-style sessions that arent engaging.
  • Do experiment with simulated attacks, drills and tests.
  • Don’t attempt to teach everything in one session.
  • Do prioritise topics like password security, threat response and device security in separate sessions.
  • Don’t assume one session is enough. Training should be ongoing!

Think Pensar

We can help get your team’s cybersecurity awareness up to scratch, and give them the skills they need to stay safe in the digital workplace and online. Click here to get in touch.

New call-to-action



[1](2017) Ironscales,Email Security Report.

[3](2016) Friedrich-Alexander-Universität Erlangen-Nürnberg, One in two users click on links from unknown senders.

[4](2017) CompTIA, The Evolution of Security Skills.

[5](2015) Aberdeen Group & Wombat Security Technologies,The Last Mile in IT Security: Changing User Behavior.

[6](2017) Ironscales,Email Security Report.

[7](2015) Aberdeen Group & Wombat Security Technologies, The Last Mile in IT Security: Changing User Behavior.

[10](2016) HM Government, National Cyber Security Strategy 2016.

Security IT Security IT security policy