Cybersecurity training may be broken, new survey reveals: 61% of employees who have received training failed a basic test

With cyberattacks increasing dramatically after the pandemic, TalentLMS and Kenna Security teamed up to gauge employees’ awareness and knowledge of cybersecurity risks. While 59% of employees received cybersecurity training from their companies in response to the COVID-19 outbreak, the survey uncovered that these initiatives have been insufficient.

The survey of 1,200 U.S. employees, conducted by the online training platform TalentLMS and the vulnerability management company Kenna Security, finds that employees are most knowledgeable in laptop security, while they are unaware of how to secure sensitive data and recognize harmful files. The report sheds light on the effectiveness of cybersecurity training, and examines employees’ awareness, habits, and knowledge related to staying safe in cyberspace.

Key findings:

  • 59% of employees were trained on cybersecurity as a response to the work-from-home shift caused by COVID-19
  • Having a cybersecurity training program in place isn’t enough to ensure cyber safety: 61% of employees who have received cybersecurity training failed a basic test
  • Surprisingly, the highest fail rates were reported in the following two industries: Information services and data (83% of employees failed) and Software (73% of employees failed)
  • 74% of respondents who answered all seven test questions incorrectly said they feel safe from cybersecurity threats
  • 33% of employees store their passwords in their browsers, even though that puts network security at risk 
  • Remote employees collectively feel less safe from threats (63%), than office employees (51%)

While the survey results show that training has a positive impact on some aspects of employees’ cybersecurity habits, such as protecting their computers and correct password management, these effects are not consistent across all areas. This brings to light some of the “blind spots” of cybersecurity training programs, which, if left unaddressed, create vulnerabilities that expose employees and their companies to cyber risks and attacks.

“Simply offering a cybersecurity training program does not guarantee a skilled or educated staff. Such programs are usually theoretical, full of technical terms, and, well, boring. Cybersecurity training should be fun, hands-on, and use real-life examples. And this is because staying safe and protected in cyberspace is a hands-on, practical skill.

—Victor Kritakis, Chief Information Security Officer, TalentLMS

When asked what would make cybersecurity training more engaging, 52% of employees said they would like it to be presented in a simpler and less technical way, while 50% would like it to be more fun and gamified.

Read the full report here:

About TalentLMS:
TalentLMS is the LMS built for training success. Designed to get a “yes” from everyone, it’s where great teams, and companies, go to grow. With an experience that’s fully customizable, easy to manage, and a joy to use, teams embrace training while feeling right at home. 

Media Relations Contacts:
Ana Casic (acasic[at], Eri Panselina (epanselina[at]

About Epignosis LLC

Epignosis is a leading software solutions provider aiming to democratize learning by making premium eLearning technology accessible and affordable to any single company or organization worldwide. Epignosis produces tools that people actively use, as the balance between usability, simplicity, and fit-to-purpose is the company’s primary R&D objective. Its portfolio includes eFront, TalentLMS, and TalentCards, a mobile learning app that delivers bite-sized training in the form of learning cards.