Importance of Security Awareness Training Emphasised by Censuswide Study on Phishing Threat

by | Dec 27, 2018

A new study by the consultancy firm Censuswide has revealed the extent to which employees are being tricked by phishing emails and how despite the danger of a data breaches and regulatory fines, many firms are not providing security awareness training to their staff.

For the study, 500 office staff were questioned by the consultancy firm Censuswide. While all the respondents were located in Ireland, the results of the survey reflect the findings of similar studies carried out in other countries, including the United States.

14% of all questioned office staff said that they had been tricked by a phishing email, which would equate to around 185,000 office workers in Ireland.

There were significant differences in susceptibility to phishing emails across the different age groups: Millennials, generation X, and baby boomers. The age group most likely to be tricked by phishing scams was millennials (17%), followed by baby boomers (7%), and Generation X (6%).

Respondents were asked about how happy they were with their ability to recognize phishing scams. Even though almost three times as many millennials had been tricked by phishing scams as Generation Xers, millennials had the greatest confidence in their ability to spot phishing scams.

14% of millennials answered that they would not be certain that they could recognize fraud, compared to 17% of Gen Xers, and 26% of baby boomers.

The survey showed that one in five workers had not been provided with any security awareness training  of any description, but even when training was provided, many office workers still participated in unsafe practices such as clicking hyperlinks or opening email attachments in messages from unfamiliar senders. 44% of baby boomers admitted having completed one of those actions in the past, as opposed to 34% of millennials, and 26% of gen Xers.

The consequences of a successful phishing attack can hit a company hard. Phishing attacks can lead to major financial losses, especially when financial details are stolen. Phishing attacks can inflict long-lasting damage to the reputation of a company, business may be lost, and companies can be subjected to lawsuits from individuals whose personal information has been illegally obtained, and regulators can issue substantial civil monetary fines.

While security solutions can be put in place to block the majority of phishing emails, it is not possible to stop all phishing emails from being delivered to inboxes. Security awareness training for all employees in a company, from the CEO down, is therefore vital.

Security awareness training should be dealt with in the same way as health and safety training. It is an organizational and HR issue, not just the charge of the IT department.

Simply providing a yearly training session for staff member is no longer enough. Phishing attacks are becoming more complex and cybercriminals are regularly changing tactics. Businesses therefore need to constantly educate their staff members to ensure training is not forgotten and to keep employees up to date with new threats.

Yearly or biannual training sessions should be held alongside by regular refresher training sessions to help develop a security culture. Phishing email simulations are also effective in reinforcing training, gauging the effectiveness of training sessions, and spotting weak points.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy