Peer-Driven Insights

Awareness & Training

Community Posts

What cybersecurity awareness techniques have you found most effective?

Read More Comments

What’s your personal opinion on phishing tests — should cyber professionals rethink this as a method for security awareness training, or is it a necessary practice?

Read More Comments

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Read More Comments

How do you ensure accessibility standards are being met in your digital products/services?

Read More Comments

Have you ever personally conducted workshops/activities for security awareness training with your own board members? What was most effective? What would you do differently today?

Read More Comments

Which of the following areas do you believe poses the greatest cybersecurity risk to your organization? (Select all that apply)

Insider threats (e.g., employees, contractors)29%

External threats (e.g., hackers, cybercriminals)65%

Third-party/vendor risks49%

Cloud security34%

Mobile device security11%

Social engineering (e.g., phishing, social manipulation)16%

View Results

How can you use peer pressure to enforce secure behavior? Have you ever tried/observed successful examples of this or similar tactics?

Read More Comments

Does your org evaluate IT or engineering employees’ security practices as part of performance review processes?

Yes - both IT & engineering employees44%

Yes - only IT employees44%

Yes - only engineering employees5%

No7%

Don’t know/other

View Results

How would you handle individuals who just can't stop clicking repeatedly on phishing emails? Do you do corrective training and/or implement technical solutions (e.g. defanging) and at what point do you get 'punitive'? At what point would you dismiss the employee for lack of 'cyber competence'?

Read More Comments

If your organization evaluates security practices as part of IT/engineering employees’ performance review, how do you measure that? Can you share any best practices or tips on how to approach this?

Read More Comments

Do you think rewarding or recognizing individuals for secure behavior is an effective strategy? How is this tactic applied at your organization?

Read More Comments

What tips can you offer leaders who are looking to incorporate gamification into security awareness training? Is there a simple way to do this internally or is it typically best to seek out a third party service provider?

Read More Comments

What are the benchmark completion rates for risk management training (e.g., personal info protection, fraud prevention, emergency measures, business continuity)? In cybersecurity, we target 100% and see 98%+ industry-wide. What about these other areas?

How have you approached integrating humor or storytelling into security awareness materials? What do you consider the biggest do’s and don’ts?

Read More Comments

How can you build a brand for the security function that helps to reinforce secure behavior across the business?

Read More Comments

Does your org have any activities or events to recognize Safer Internet Day?

Yes (comment and tell us what they are!)61%

No38%

Community Posts

What cybersecurity awareness techniques have you found most effective?

What’s your personal opinion on phishing tests — should cyber professionals rethink this as a method for security awareness training, or is it a necessary practice?

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?If not - what is stopping you from setting this up?

How do you ensure accessibility standards are being met in your digital products/services?

Have you ever personally conducted workshops/activities for security awareness training with your own board members? What was most effective? What would you do differently today?

Which of the following areas do you believe poses the greatest cybersecurity risk to your organization? (Select all that apply)

How can you use peer pressure to enforce secure behavior? Have you ever tried/observed successful examples of this or similar tactics?

Does your org evaluate IT or engineering employees’ security practices as part of performance review processes?

How would you handle individuals who just can't stop clicking repeatedly on phishing emails? Do you do corrective training and/or implement technical solutions (e.g. defanging) and at what point do you get 'punitive'? At what point would you dismiss the employee for lack of 'cyber competence'?

If your organization evaluates security practices as part of IT/engineering employees’ performance review, how do you measure that? Can you share any best practices or tips on how to approach this?

Do you think rewarding or recognizing individuals for secure behavior is an effective strategy? How is this tactic applied at your organization?

What tips can you offer leaders who are looking to incorporate gamification into security awareness training? Is there a simple way to do this internally or is it typically best to seek out a third party service provider?

What are the benchmark completion rates for risk management training (e.g., personal info protection, fraud prevention, emergency measures, business continuity)? In cybersecurity, we target 100% and see 98%+ industry-wide. What about these other areas?

How have you approached integrating humor or storytelling into security awareness materials? What do you consider the biggest do’s and don’ts?

How can you build a brand for the security function that helps to reinforce secure behavior across the business?

Does your org have any activities or events to recognize Safer Internet Day?

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?