33.98% of IT decision-makers at financial services firms reported that security awareness training is currently fully or partially managed by an MSP or MSSP.

Only 17% of executives at financial services firms indicated that security awareness training will be a priority in the coming year.

47% of UK IT leaders cited employee security awareness training as the most common defence against email-related incidents.

IT leaders estimate that only 5% of known phishing attacks in healthcare are actually reported by employees to security teams.

Just 18% of enterprises tailor phishing simulations by both role and behavior.

Employee security awareness training (32.2%) was among the controls with the highest failure rates in enterprise fraud attacks.

41% of cybersecurity professionals identified lack of security awareness training as a primary reason employees fall victim to cyberattacks.

Organisations relying solely on security awareness training (SAT) have visibility into only 12% of risky behaviour.

Security awareness training reduced phishing susceptibility from approximately 33.1% to just 4.1% after one year in state, local, tribal, and territorial (SLTT) governments.

Security awareness training reduced phishing susceptibility from approximately 33.1% to just 4.1% after one year in state, local, tribal, and territorial (SLTT) governments.

83% of respondents agreed that their current SAT tools require substantial effort to operate and maintain.

99% of organizations experienced security incidents linked to avoidable human error.

More than half (53%) of respondents agreed that the effort required to run their current SAT tools outweighs their impact.

Many SAT programmes exist primarily to satisfy regulatory or insurance requirements.

95% of organizations see value in using AI to Conduct conversational coaching by leveraging LLMs.

Nearly all of the organizations surveyed (99%) are in favour of including AI in future SAT tools and workflows.

96% of organizations see value in using AI to Create dynamic risk scores based on past user behaviour and the types of attacks targeting certain types of users.

95% of organizations see value in using AI to Automatically create individualized attack simulations based on individual user profiles.

75% of organizations require employees to complete security awareness training at least quarterly.

While 99% of organizations experienced incidents tied to human error, the vast majority stated they struggle to implement effective, scalable SAT programs.