International Cyber Expo International Cyber Expo
  • About Us
Friday, 17 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Legacy Security Awareness Training Failing to Reduce Human Risk, Huntress Study Warns

by The Gurus
September 23, 2025
in Featured
CybSafe launches SebDB 2.0 Behavioural Risk Platform
Share on FacebookShare on Twitter

Despite a surge in spending on security awareness training (SAT), most organisations are still experiencing more incidents caused by human error, according to new research from Huntress.

The report, Mind the (Security) Gap: SAT in 2025, reveals that while 93% of organisations have increased their SAT budgets in the past three years, 94% saw a rise in security incidents linked to mistakes made by employees. The findings suggest that traditional training methods are not delivering the improvements businesses expect.

“Old-school security awareness training isn’t working. Organisations are pouring more money into it than ever, and yet, human error incidents are on the rise,” said Dima Kumets, Principal Product Manager at Huntress. “This gap between expectation and reality exists because training content is often developed in isolation, without meaningful collaboration with security experts. As a result, generalists without hands-on security experience create content that meets compliance requirements, but doesn’t drive meaningful behaviour change or lead to security outcomes that last.”

The study, based on an independent UserEvidence survey of 262 IT and security professionals who administer SAT and 260 employees whose companies provide it, exposes widespread weaknesses in legacy programmes. Among the main issues identified were ineffective outcomes, outdated content, and excessive administrative burden.

Key findings include:

  • Perceived vs. real effectiveness: 93% of SAT administrators believe their programmes are effective, but more than half (57%) acknowledge that improved employee awareness could have prevented most or nearly all of their organisation’s security incidents.

  • Outdated content: 88% of learners believe their training is effective, and 92% feel confident they would respond correctly in a security incident. Yet, 44% of administrators admit their training materials are often outdated or irrelevant, leaving staff overconfident and unprepared for modern threats.

  • Administrative challenges: While 95% of administrators say their SAT programme is technically manageable, 61% spend at least 10 hours a month maintaining it, and 72% view it as a burden, suggesting the programmes are a time drain with limited return on security outcomes.

The Huntress findings align with research presented by UC San Diego Health at Black Hat USA 2025, which showed that annual, compliance-focused training alone does little to reduce the likelihood of employees falling for phishing scams. Experts argue that this “check-the-box” approach leaves organisations vulnerable, and that training should evolve into a more tailored, outcome-driven model.

According to Huntress, managed SAT programmes developed with security experts can ease the burden on administrators while ensuring that training is current, frequent, and relevant. This shift, the company argues, is critical to driving real behavioural change and reducing risk.

“Just because legacy SAT solutions have been ineffective in reducing human risk doesn’t mean SAT itself isn’t a valuable and necessary tool,” Kumets explained. “The answer certainly isn’t to throw more budget at the same ineffective training methods. But, by shifting to more outcome-driven training that is timely, relevant, and expertly managed, organisations can cultivate a proactive and resilient security culture that actually reduces human risk.”

ShareTweet
Previous Post

How Do Online Gaming Sites Keep Players and Their Data Safe?

Next Post

Keeper Security Integration with Google SecOps Expands Visibility into Privileged Access

Recent News

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026
Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

Forescout Uncovers AI Assisted Phishing Campaign Using Fake eCards

July 14, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol