Please fill in the form below to subscribe to our blog

How Often Should Businesses Run Cybersecurity Awareness Training?

May 20, 2021

Make Sure You’re Running Cybersecurity Awareness Training at the Right Cadence


Phishing risk has never been higher. 2020 was a record-breaking year for cybercrime and phishing led the way with a more than 600% increase. This was facilitated in part by an unprecedented increase in email volume. A sudden transition to remote operations combined with extended lockdowns and new hybrid work policies translated into businesses sending more internal and external email than ever before. An estimated 306.4 billion emails were sent and received each day in 2020, triple the average increase of past years. That figure is expected to continue to grow steadily as companies adopt a more flexible work approach going forward, and it’s estimated to reach over 376.4 billion daily messages by 2025 – which makes effective cybersecurity awareness training a must.


global year in breach depicted as a printed report.

Give your clients the cold, hard facts that tell the tale of exactly how much danger their business is in. GET THIS FREE BOOK>>


More Email Means More Danger


Within the rising tide of email there are plenty of sharks. An estimated 6 billion fake emails were sent to businesses daily in 2020. This flood of dangerous messages ran the gamut from generic phishing attempts to skilled impersonation schemes. However, nothing matched the danger and frequency of ransomware. IBM reports that one in four attacks that IBM Security X-Force Incident Response remediated in 2020 were caused by ransomware. Overall, an estimated 1 in 99 emails a business receives are phishing. 

These attacks use social engineering to persuade the targets into taking an action, and some techniques are very successful. Topping the list of the most opened phishing email was bogus social media requests. A little over 85% of organizations were targeted or hit with social media phishing scams in 2020. Spoofing and corporate impersonation plagued businesses, as a steady stream of false system messages and fake internal corporate email clogged employee inboxes.   

What does this mean for your business? It means that a huge amount of phishing email is headed your way every day. Phishing risks are not slowing down, especially when it comes to ransomware Ransomware attacks in 2021 are up more than 300% over the same period in 2020 and that was a record-setting year. Plus, an estimated 22 billion new records landed in dark web data markets and dumps in 2020, giving cybercriminals plenty of fuel to mount spear phishing attacks.


Help your clients stay off of cybercriminal hooks with the expert tips and strategies that we share to combat phishing in our webinar The Phish Files. LISTEN NOW>>


Training Cadence Matters for ROI


Every industry is at risk for a cybersecurity disaster caused by mishandled email. An estimated 97% of employees in a wide array of industries are unable to recognize a sophisticated phishing email. To mitigate that risk, companies must increase their commitment to cybersecurity awareness training that includes phishing resistance, a proven winner in the fight against cybercrime – and unfortunately, 62% of businesses don’t do enough cybersecurity awareness training. 

In a UK study on companies running phishing simulations, researchers discovered that 40 – 60% of their employees are likely to open malicious links or attachments. However, the study also showed that consistent cybersecurity awareness training made a huge difference in those employees’ behavior when considering email. In follow-up testing, after about 6 months of training, the percentage of employees who took the bait dropped 20% to 25%. Further training produced a steeper drop. After 3 to 6 months more training, the percentage of employees who opened phishing messages dropped to only 10% to 18%.   

But just running a few training courses for your staffers isn’t enough to foster strong cybersecurity awareness. Running training courses regularly is vital to gaining and keeping awareness. In a report from consulting giant Accenture detailing the characteristics of a cyber resilient organization, researchers place the ideal number of training courses for employees each year at 11, or just a little under one per month. This prevents courses from becoming rote but still keeps the topic fresh in employees’ minds. 


Which of your vendors will cause your next cyberattack? Read our new eBook to learn how to spot and stop third-party risk. GET THIS BOOK >>


Cybersecurity Awareness Training Needs Regular Refreshment


Why so frequently? Usenix found that the knowledge and savvy that employees gain from security and phishing awareness training is forgotten over time. In a study of cybersecurity awareness training retention, test subjects went through a single training course. Researchers then retention tested them four, six, eight, ten and 12 months later. The findings concluded that the longer the test subjects went from the original training date, the worse their memory was of what they’d learned. The sweet spot for retention was at four months. Once the testers passed that mark, their retention dropped dramatically until their performance at ten months was the same as it was when they started the study. 

Don’t wait to protect your business and your clients from phishing. Implement a security awareness training program with BullPhish ID that’s both effective and cost-effective now. The newly refreshed BullPhish ID is bursting with features that make training easy for trainers and trainees, including a convenient training portal that can be quickly personalized. Plus, trainers can choose from more than 100 pre-made plug-and-play-phishing simulations in 7 languages. Or fully customize content to reflect the actual threats that employees face every day in a flash. 

The training tools that you need to reduce the risk of phishing damaging your business are available now in the new BullPhish ID at an excellent value. Contact our solutions experts today to get started.  


let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!

LEARN MORE>>


See our innovative, cost-effective digital risk protection solutions in action.

WATCH DEMO VIDEOS>>


Contact us for an expert analysis of your company’s security needs and a report on your Dark Web exposure!

SCHEDULE IT NOW>>