Why Does Security Awareness Fail?
Gartner , March 2nd, 2023
A small avalanche of data from various sources (including Gartner) confirms what many of us in the cybersecurity world have believed for years: security awareness doesn't work.
I suspect that this will not come as a surprise to anyone who works in security as it is routine for employees to prioritize pretty much anything else over security when a conflict arises. What is going on here? Why has the steady drumbeat of training and phishing simulations not produced effective cyberjudgement in our employees?
A few issues are obvious to me, some of which might make security people a bit uncomfortable.