Do user awareness campaigns lower IT security risks?

In an era of IT consumerization, user behavior influences both information protection and information loss: user error was involved in 62 percent of incidents in which information was compromised.

Although organizations seek to address this risk by investing in awareness campaigns, these same organizations are often challenged to assess the effectiveness of such measures.

Data from the Corporate Executive Board shows that although 61 percent of organizations track user completion of training as the primary measure of success, only 7 percent say there is a demonstrable link between training and sustained behavior improvement.

Rather than focusing on user training completion, the most effective awareness campaigns should be built around an understanding of user behavior, targeting the riskiest users and their reasons for noncompliance as well as tracking metrics to ensure employee compliance with security policies.

A survey by the CEB’s Information Risk Executive Council showed that the primary metrics for measuring the success of user awareness campaigns included the percentage of users completing training; year-over-year reduction in specific types of information caused by user error; and user understanding of security as evidenced by surveys.

A self-diagnostic quiz on the effectiveness of user awareness campaigns can be found below.

Organizational maturity test

Success of user awareness programs

Reader Comments

Mon, Dec 19, 2011 hrbrmstr Berwick, Maine

That pie chart almost completely invalidates your entire article and their entire survey. If the source was looking to visualize multiple facets of their study, mis-using an already maligned chart type (that has very specific and limited use-cases) was not the route to go. The kicker is that pie charts are inherently supposed to communicate % parts of a whole (whole == 100%) and *admitting* *in the chart* that it does not makes the analytical capabilities of the creators suspect as well.
