EMA Announces New Research on Security Awareness Training

At a time of increased data breaches and intellectual property theft, this groundbreaking research study examines the implementation of security awareness training across organizations.

Boulder, CO., April 18, 2014 – Enterprise Management Associates (EMA), a leading IT and data management research and consulting firm, today released its latest research report entitled, “Security Awareness Training: It’s Not Just for Compliance.” Based on research criteria defined by EMA Research Director, Security and Risk Management, David Monahan, this major research study arms security and IT decision makers with insight on how to improve their security awareness training programs and why they should do it.

The research clearly shows many security awareness and policy training programs lack the delivery periodicity, content and quality that could increase knowledge retention, thereby improving security decisions made by personnel and reducing risk in their organization. To help guide IT professionals in their security awareness training programs, this report covers: training attributes, session frequency and duration, session periodicity, training delivery method, and training measurement.

Some of the key findings in this study include:

• More than 55% of personnel, excluding security and information technology staff, have not received security awareness training from their organizations.

• Small businesses with fewer than 100 employees accounted for the greatest percentage of untrained personnel, >40%, of the four primary organization size groupings in the study. This percentage tended to decrease as organization size increased, with enterprises having between 10,000 and 20,000 people having <10% untrained

• Employees predominantly received training annually, even though a higher frequency of training has been found to be more effective.

“Security is a foundational aspect of today’s organizations.  The problem is, many companies are not doing their part to educate their personnel on how to make appropriate security-focused or risk-based behavioral decisions. This creates a gap in the first line of attack - their people,” says Monahan. “Security awareness training is critical for a solid security program. The organizations that fail to train their people are doing their business, their personnel and the Internet as a whole a disservice because the training they provide at work affects how their employees make security decisions while they are on the Internet at home as well."

The EMA “Security Awareness Training: It’s Not Just for Compliance” Research Report and Research Summary are available online.

For an overview of key highlights from this new research, view the on-demand Webinar.

About Enterprise Management Associates
Founded in 1996, Enterprise Management Associates (EMA) is a leading industry analyst firm that provides deep insight across the full spectrum of IT and data management technologies. EMA analysts leverage a unique combination of practical experience, insight into industry best practices, and in-depth knowledge of current and planned vendor solutions to help its clients achieve their goals. Learn more about EMA research, analysis, and consulting services for enterprise line of business users, IT professionals and IT vendors at www.enterprisemanagement.com or blogs.enterprisemanagement.com. You can also Follow EMA on LinkedIn, EMA on Twitter and EMA on Facebook.