61% of Employees Can’t Answer Simple Cybersecurity Questions


Nearly 70% of employees who participated in a survey conducted by TalentLMS, a company providing e-learning solutions, said they recently had cybersecurity training organized by their companies, yet 61% of them failed to answer basic questions related to cybersecurity.

One thousand two hundred employees from various industries participated in the survey. They were asked to answer seven cybersecurity-related questions to demonstrate their knowledge of the topic. The aim was to determine the employees’ “cybersecurity habits, knowledge of best practices, and ability to recognize security threats” in the context of the rising cybersecurity challenges companies have faced during the COVID-19 pandemic.

Here are some of the telling findings of the study:

  • Surprisingly, employees in information services had lower-than-average results on the quiz. Only 17% of participants who work in this industry passed the quiz, compared to 57% of healthcare workers.
  • 60% of participants who failed the test said they don’t feel jeopardized by online threats, while 74% of those who didn’t answer a single question correctly said they feel safe online.
  • Most respondents don’t use password managers to save their passwords. Office workers have much worse security habits than remote workers, but the report shows they feel safer from online threats than remote workers.
  • Workers aged 18-24 had the worst results on the quiz (16% passing), while those aged 25-34 had the best results, together with employees aged 54 and over, with a pass rate of 43%.

Although the results of the quiz are not encouraging, the only way to fight online threats is to continue with employee education and training on cybersecurity:

“Be sure to constantly run security training and include mobile in those sessions,” said Hank Schless, senior manager of security solutions at Lookout. “Consider any text, email, WhatsApp message, or communication that creates a time-sensitive situation a red flag. Users should approach any suspicious messages with extreme caution, or go straight to their IT and security teams to have them examine it first.”