New studies show that cybersecurity executives often fail to prioritize software security training for the entirety of a company, instead only deeming it necessary for a select few — and not always for the right reasons.
Nearly half of cybersecurity leaders who provide these kinds of training tools don't consider awareness efforts to be essential within their organizations, according to a study conducted by CMD+CTRL Security and Wakefield Research. In addition, half of the leaders who do provide security training do so to build a "security culture," but only 41% say they provide training because of the increased risk from third parties and supply chains.
In "Enhancing Cybersecurity: The Critical Role of Software Training," the research data showed that executives who implement this kind of training are highly motivated by factors such as customer satisfaction, time to market, and financial costs.
Further, cyber leaders who recognize the need for this kind of software security training don't tend to prioritize customized training solutions, either because they don't consider them important or because they don't have the resources to provide them. Ultimately, this leads to a focus on developer-only training, or broad-based training programs that aren't effective, according to the findings.
With the risks that come with inadequate training, however, it's essential that company executives implement effective resources for all employees, tailored to their roles in an organization, the research concluded: "Employees gain the knowledge and skills necessary to identify vulnerabilities and adhere to best practices, learning about the latest threats and how to mitigate against them. This ultimately leads to fewer cyber breaches and a better resilience in an organization's supply chain."