Fortinet, a global leader in cybersecurity, has released its 2024 Security Awareness and Training Global Research Report, underscoring the pivotal role that a cyber-aware workforce plays in managing and mitigating organizational risks. According to Alain Penel, Vice President for the Middle East, Türkiye, and CIS at Fortinet, the findings reflect significant advancements in the adoption of AI-driven security solutions, particularly in the United Arab Emirates (UAE). The research reveals that 68% of respondents in the UAE have already integrated AI security measures, with another 32% in the process of implementing these technologies. This demonstrates the UAE’s proactive approach to improving cybersecurity resilience and reinforces its position as a leader in security innovation within the Middle East.
The report highlights several key trends, especially the growing threat posed by AI-driven cyberattacks. With malicious actors increasingly using AI to amplify the volume and velocity of their attacks, 70% of UAE respondents expressed concern that employees would become more vulnerable to AI-driven cyberattacks. This trend is mirrored globally, where over 60% of respondents expect an increase in AI-assisted attacks targeting employees. However, there is also a positive aspect: the awareness of AI-augmented cyberattacks has led 80% of global respondents to take more proactive steps toward implementing security awareness and training within their organizations.
While employees are recognized as the first line of defense against cyber threats, there is a growing concern that many lack adequate cybersecurity knowledge. Nearly 78% of surveyed leaders believe that their employees are not sufficiently knowledgeable about cybersecurity, a significant rise from 56% in 2023. This lack of awareness underscores the urgent need for effective training programs to equip the workforce with the necessary skills to recognize and mitigate cyber threats.
Security awareness training is seen as critical to closing this knowledge gap. Three-quarters of leaders are planning their security awareness campaigns, with most delivering content on a monthly (38%) or quarterly (54%) basis. The report also reveals that high-quality content plays a crucial role in the effectiveness of these programs. Ensuring that the content is engaging and accessible is a key factor in achieving positive outcomes from training efforts.
Phishing attacks, in particular, are highlighted as one of the most prominent threats that employees must contend with. Cybercriminals are using AI to make phishing schemes more sophisticated, making them harder for employees to detect. Over 80% of organizations reported facing attacks such as malware, phishing, and password attacks that directly targeted individual users in the past year. Consequently, cybersecurity training programs are placing a strong emphasis on phishing prevention, with nearly all (98%) of organizations incorporating this into their training programs.
Fortinet’s Chief Marketing Officer, John Maddison, emphasizes that as threat actors continue to evolve their tactics with new technologies like AI, it becomes increasingly important for employees to be well-prepared to identify and respond to these attacks. He stresses the significance of fostering a culture of cybersecurity, where security awareness is embedded throughout the organization. Fortinet’s Security Awareness and Training service, which includes a free educational version for primary and secondary schools globally, plays a vital role in strengthening the cyber resilience of organizations by providing employees with the knowledge and tools needed to defend against cyber threats.
The research also reveals that UAE organizations are seeing positive outcomes from implementing security awareness programs. An overwhelming 94% of UAE industry leaders reported improvements in their organization’s security posture following the introduction of security awareness and training. Not a single respondent indicated that they had seen no improvement, demonstrating the effectiveness of such initiatives in strengthening defenses against cyber threats.
Most organizations initiate security awareness training following a breach incident or due to knowledge of the threats specific to their industry. The report highlights that nearly all business leaders (96%) believe that enhanced employee awareness would improve their organization’s cybersecurity. Despite the widespread implementation of training programs, there are key attributes that leaders believe make some programs more effective than others. Engaging content is considered critical, with 92% of decision-makers satisfied with their current solutions, though many expressed concerns about the lack of engaging material in some programs. Additionally, organizations must balance the time commitment required for training, as excessive demands can lead to training fatigue. The most common duration for training is between 1.1 and 2.0 hours, with three hours being the average.
Fortinet offers its Security Awareness and Training service to businesses seeking to develop a cyber-aware workforce. This service, designed by the Fortinet Training Institute’s world-class trainers, covers a wide range of cybersecurity topics and offers customizable content. Periodic reminders and checks help reinforce learning, and businesses can track progress through a variety of dashboards. The service also helps address cyber insurance and compliance needs, making it a comprehensive solution for organizations aiming to bolster their cybersecurity resilience.
In conclusion, the 2024 Security Awareness and Training Global Research Report from Fortinet underscores the growing importance of cybersecurity awareness in the workplace. As cyber threats continue to evolve, particularly with the integration of AI, employees must be equipped with the knowledge and skills to defend against these sophisticated attacks. Organizations in the UAE and beyond are increasingly prioritizing security awareness training to strengthen their defenses, with Fortinet’s solutions playing a key role in helping them build a more secure future.