• United States



Please don’t send me to cybersecurity training

Sep 18, 20173 mins
CareersInternet SecurityIT Skills

Training providers offer unique twists to help engage employees on security awareness education and make the process less painful.

cybersecurity shield and gear image
Credit: Thinkstock

You clicked on a bogus email, and you should’ve known better. Now you’re going to cybersecurity school.

Huh? I don’t want to go.

Talk about engaged students. But sadly, that’s the case at many organizations that penalize employees for clicking on a phishing email — they sign them up for security awareness training.

You can’t blame them, though: 91% of cyberattacks and the resulting data breach begin with a spear phishing email, according to a 2016 report from PhishMe. Meaning, the overwhelming majority of hacks are initiated by employees clicking on emails containing some form of malware.

Need for cybersecurity education rises

The need for cybersecurity employee education is on the rise. Cybersecurity Ventures predicts the security awareness training market will grow from $1 billion in 2014 to $10 billion by 2027.

The massively expanding human attack surface is currently at 2 billion-plus people online, and Microsoft expects that figure to reach more than 4 billion by 2021. Every person is a candidate for security awareness training.

Today, employees at organizations of all sizes globally are being trained on security. In the future, the market may see individuals signing up for their own training, pre-employment, positioning themselves as cyber-aware job candidates.

There’s a shifting dynamic in the security awareness market, with numerous vendors helping employers to position training programs as something more than a perceived punishment.

Unique security awareness training programs and tools

Interesting offerings from security awareness training vendors:

  • Digital Defense got creative and developed their SecurED training program in collaboration with award-winning Hollywood comedy writers. Laughing may prove to be the remedy for boring security classes.
  • KnowBe4 has filmed and productized Kevin Mitnick, the world’s most famous hacker, into the computer-based-training (CBT) industry’s leading man. For employees, it’s like going to the movies.
  • MediaPro provides employers with an eBook and toolkit that explains how to create engaging content — the meat of a successful security-awareness training program.
  • Phishline doesn’t stop at Phishing. They help organizations train their employees with Vishing (voice mail simulations) and Smishing (SMS/text phishing simulations).
  • PhishMe’s simulated phishing training turns employees into human firewalls by launching seemingly real phishing attacks on them over and over again. Who wouldn’t want to be called a human firewall?
  • Terranova helps organizations build a culture of security with unique post-training tools such as customizable newsletters that organizations can use to embed security into the mindset of their employees.
  • Wombat Security provides everyday tips that employees can relate to — such as improving their own data privacy, shopping safely online, and even dealing with security vulnerabilities in cars.

With a growing phishing epidemic, employers need a hook to engage their employees on security awareness training. What’s yours?

Visit to read all of my blogs and articles covering cybersecurity.

Follow me on Twitter @CybersecuritySF, or connect with me on LinkedIn. Send story tips, feedback and suggestions to me here.


Steve Morgan is the founder and CEO at Cybersecurity Ventures and editor in chief of the Cybersecurity Market Report. The Cybersecurity Market Report is published quarterly and covers the business of cybersecurity, including global market sizing and industry forecasts from consolidated research by IT analyst firms, emerging trends, employment, the federal sector, hot companies to watch, notable M&A, investment and IPO activity, and more.