Many organizations understand that security is no longer “an IT problem.” A strong security culture can help your organization decrease malware and ransomware infections, reduce the burden on IT and security staff, improve compliance with regulatory requirements and make your organizations more resilient.

In a culture of security:

• Security belongs to everyone. From the leaders at the top of the ladder to workers in the trenches, each employee plays a part in defending against threats.
• Security is an enabler, not a barrier. Human-centric processes ensure that employees can maintain productivity and innovate without compromising security.
• Awareness and training lead to fundamental change. Understanding the threats doesn’t necessarily turn employees into security allies; a culture of security means shifting behaviors, with fundamental change as the ultimate result.

Cybersecurity awareness and training is not a “one and done” initiative. The more comprehensive and consistent your program, the greater its impact on behaviors. Osterman Research, for example, found that:

• When employees received more than 15 minutes of training per month, 93% had the ability to report suspicious content and only 1% weren’t sure if they could.
• Among employees who spent no more than 5 minutes on training a month, only 75% could report suspicious content and 14% weren’t sure.
  The time you devote to employee training is important. But it’s not the only factor that impacts the success of your program.