70% of Leaders See Cyber Knowledge Gap in Employees

Nearly 70% of business leaders believe their employees lack critical cybersecurity knowledge, a sharp increase from 56% in 2023. 

The figure comes from Fortinet's latest 2024 Security Awareness and Training Global Research Report, which also suggests that AI-driven cyber-attacks are becoming more difficult for employees to detect. Over 60% of respondents expect a rise in employees falling victim to AI-enhanced attacks. 

Proactive Measures in Cybersecurity Training

However, 80% of those surveyed said that increased awareness of these AI-augmented threats has prompted organizations to embrace security awareness and training programs.

As cybersecurity concerns grow, many companies are taking steps to improve their defenses, the Fortinet report showed. Three-quarters of leaders are proactively planning security awareness campaigns, with 34% delivering content monthly and 47% doing so quarterly. The success of these programs, according to the report, depends heavily on high-quality, engaging content that helps employees recognize threats.

"It's vital for organizations to increase cybersecurity investments in response to growing AI threats, as these threats can have significant financial and reputational consequences," warned Stephen Kowski, Field CTO at SlashNext.

"Priority areas for investment should include AI-powered content analysis and detection, employee training and awareness programs and robust network security measures."

Phishing remains a significant concern, especially as cyber-criminals use AI to craft more convincing attacks. More than 80% of organizations were hit by individual-targeted cyber-attacks such as malware and phishing in the past year. Phishing prevention is now a core focus, with 98% of respondents including it in their training. Other key focus areas include data security (48%) and privacy (41%).

"Attackers are increasingly looking at weaker parts of the perimeter, such as non-human identities (NHIs), which control machine-to-machine access and are increasingly critical in cloud environments," explained Amit Zimerman, Co-Founder and Chief Product Officer at Oasis Security.

"NHIs now outnumber human identities in most organizations, and securing these non-human accounts is vital, especially in AI-heavy architectures like Retrieval-Augmented Generation (RAG) systems."

The Importance of Dynamic Training Approaches

Fortinet's report also highlighted positive outcomes when security training is implemented. Eighty-six percent of leaders said their employees view these programs favorably, and 89% reported improvements in their organization's security posture after adoption.

"The legacy security awareness training model was designed for compliance with yesterday's threats," commented Mika Aalto, Co-Founder and CEO at Hoxhunt.

"What is needed for the attacks of today and tomorrow is a dynamic security behavior change platform that stays current with the constantly evolving threat landscape."

However, leaders also noted that effective training must balance engaging content with manageable time commitments to avoid overwhelming employees.

The Fortinet survey drew responses from over 1850 executives across 29 countries and multiple industries, including manufacturing, financial services and technology.
