Cybersecurity training has become a necessity in a world driven by technological and digital transformation.
The assessment led by Kaspersky saw the participation of 3,907 employees from January 2021 to September 2022.
With 90% of employees “overestimating” their cybersecurity skills, Kaspersky developed the Gamified Assessment Tool to assist IT and HR officers in measuring workers’ cyber skills and provide them with a relevant learning environment.
The tool awards points to employees based on decisions they make during their working day. The participants are later asked to assess whether their decisions “carry cyber risks.”
According to Kaspersky, only one out of 10 participants (11%) scored more than 90% on the test. These workers received a Certificate of Excellence and demonstrated a high level of cybersecurity awareness.
As for the remaining participants, they “made most of their mistakes in the realm of web browsing,” the company explained in a press release.
The company detailed that 61% of the participants scored “average” results ranging between 82% and 90% while the remaining 28% lacked cybersecurity awareness and scored less than 75%.
The participants were tested in six security domains including passwords and accounts, email, web browsing, social networks & messenger, PC security, and mobile devices.
Kaspersky found that most employees faced cyber risks while web browsing with only 24% of them taking the necessary action while they were tested on web browsing topics.
As for cyber risks related to mobile devices, participants showed higher levels of awareness with 43% of employees not making mistakes when identifying said risks.
Given that the majority of the employees did not have sufficient knowledge of cybersecurity and cyber risks, Kaspersky’s Product Manager for Security Awareness and Academic Affairs Alexander Lunev argued that the Gamified Assessment Tool and Automated Security Awareness Platform allows “employees to get clearer motivation for learning and helping organizations find out which educational program best fits their workers’ specific needs.”
The security awareness platform provides training material on cybersecurity to all employees including the best-scoring participants.
According to Lunev, receiving “the best possible result” in the test is not enough to skip advanced training since “adversarial methods can change and a person’s vigilance may weaken.”
As the risks of cyber crimes increase with more people having their data available online, cybersecurity training is gradually turning into a must for personal and professional use of online services.
Many countries have been adopting cybersecurity measures and raising awareness about potential cyber risks. However, some of the countries are lagging behind including Morocco.