
Global Security Awareness: Where We Are Today

  • Writer: Security Awareness Teams
  • Oct 28

In an era where digital threats evolve rapidly, human behaviour remains one of the most critical vectors for risk. Organisations globally continue to invest in security-awareness programmes — but the journey from awareness to meaningful behavioural change is still uneven.

Key Trends

  • Human error remains a major factor in breaches: For example, human-related causes account for around 60% of data breaches in some recent analyses.

  • Traditional training alone is no longer enough: While many organisations conduct awareness sessions, training that isn’t reinforced with culture, policy, metrics and continuous improvement often fails to achieve lasting results.

  • The rise of AI and identity threats: With adversaries leveraging more sophisticated tools (automation, stolen credentials, generative-AI phishing), the awareness challenge is becoming more complex.

  • Improving metrics and maturity: Many organisations now rate cybersecurity as a high priority (e.g., 81% in one survey) and believe they are becoming more capable, signalling maturation of the awareness/behaviour side of the equation.


Statistics

Here’s a table summarising some of the most relevant recent statistics around security awareness (summary done with the help of AI):

| KPI/Metric | Value | Source |
|---|---|---|
| Organisations rating cybersecurity as a high priority | ~81% | |
| Organisations rating their cybersecurity capability as “highly capable” | ~68% | |
| Reduction in phishing click-rates after 12 months of targeted training | ~86% drop to ~4.1% phish-prone rate | |
| Increase in identity-driven attacks (2024 into Q1 2025) | +156% | |
| Percentage of breaches involving a human element | ~60% | |
| Organisations recognising a gap in employees’ security fundamentals | ~67% | |
| Projected market size for security-awareness training tools (CAGR) | ~$2 billion in 2025; ~15% CAGR to 2033 | |

What This Means for Your Organisation

  • Awareness is necessary but not sufficient: Training alone won’t cut it. Organisations should embed awareness into culture, measure behaviour, use simulated phishing or attack vectors, and link to incident data.

  • Human risk must be quantified and managed: With breaches still heavily influenced by human behaviour, organisations should adopt metrics (phish-prone %, incident root-cause) and tie awareness to business risk.

  • Threats are evolving fast: The jump in identity-based attacks and the increasing use of AI in social engineering mean awareness programmes must evolve too (e.g., training on AI-enabled risks, credential misuse).

  • Continuous cycle over one-off events: Monthly or ongoing training is becoming more common (e.g., one study found 38% of senior tech leaders run monthly staff training).

  • Measure ROI and show business value: It’s imperative to link awareness efforts to outcomes — reduced click-rates, fewer incidents, better detection, etc. This helps secure leadership buy-in.

Final Thoughts

The global state of security awareness is improving — organisations recognise the importance of the human factor, are investing more, and are beginning to adopt more mature programmes. At the same time, threats are growing more sophisticated and the gap between doing training and actually shifting behaviour remains. The organisations that will succeed are those that treat awareness not as a checkbox, but as a continuous, measurable and integrated component of their risk-management strategy.

Have questions and don't know where to start with security awareness in your organisation? Contact us today: pinutlabs.com, admin@pinutlabs.com


Information/data presented was gathered from verifiable internet sources and analyzed with the help of an AI tool.
