DIAGNOSTICS

Do user awareness campaigns lower IT security risks?

In an era of IT consumerization, user behavior influences both information protection and information loss — as shown by data showing that user error was involved in 62 percent of incidents where information has been compromised.

Although organizations seek to address this risk by investing in awareness campaigns, these same organizations are often challenged to assess the effectiveness of such measures.

Data from the Corporate Executive Board shows that although 61 percent of organizations track user completion of training as the primary measure of success, only 7 percent say there is a demonstrable link between training and sustained behavior improvement.

Rather than focusing on user training completion, the most effective awareness campaigns should be built around an understanding of user behavior, targeting the riskiest users and their reasons for noncompliance as well as tracking metrics to ensure employee compliance with security policies.

A survey by the CEB’s Information Risk Executive Council showed that the primary metrics for measuring the success of user awareness campaign included the percentage of users completing training; year-over-year reduction in specific types of information caused by user error; and user understanding of security as evidenced by surveys.

A self-diagnostic quiz on the effectiveness of user awareness campaigns can be found below.

Organizational maturity test

Success of user awareness programs

Featured

  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected