ESG Brief: COVID-19 Readiness: The Cyber-awareness and Employee Productivity Connection


When employees were sent home to work due to COVID-19, cybersecurity teams had to adjust their defenses accordingly. This was especially true due to a massive increase in coronavirus-related cyber-threats. In this environment, security awareness training is especially important, but too many training programs are a mere formality, conducted purely to satisfy a corporate governance or regulatory compliance requirement. ESG research illustrates that comprehensive security training is worthwhile as organizations with thorough training programs were more responsive to COVID-19 cyber-threats and had greater employee productivity. As such, CISOs should eschew “checkbox” training and persuade HR and executives to embrace more thorough security awareness training programs with demonstrable benefits and ROI.

Topics: Cybersecurity cybersecurity education COVID-19 Tech Effect

ESG Brief: The Cybersecurity Awareness Conundrum


It is an obvious move to provide cybersecurity awareness training to employees to ensure their secure use of the company network across multiple cloud and hybrid environments—and it is an arguably altruistic bonus to enhance employee personal life cybersecurity. But does cybersecurity training accomplish what we want it to? Does it effectively stop users from clicking on malicious links in phishing emails or help them recognize a seemingly innocuous email that might offer privileged access to an attacker? Some say yes; some say no. ESG conducted several studies in 2019 that provide insight into respondents’ use of cybersecurity awareness training and their perception of the service.

Topics: Cybersecurity cybersecurity education