CybeReady, a global leader in security awareness training, has conducted extensive research based on millions of data points, accumulated from training enterprise employees over the past five years. According to CybeReady, the data reveals that new employees regularly show a propensity for higher-risk behaviours compared to veteran employees. The data establishes a direct correlation between employee experience within a company and its cybersecurity risk level.
The new findings highlight the significance of the employee learning curve and its impact on cybersecurity risk. The data groups employees into three main clusters according to their risk level (low, medium and high risk) and assumes every employee engages in continuous and regular training – at least one short training session per employee per month.
According to the data, during the first six months with an organisation, basic training is often provided to new employees in order to establish a risk baseline. As early-stage employees progress to the 6-12 month mark, they are exposed to advanced training simulations and reveal a medium level of risk. However, after the 12-month mark, a breakpoint is observed indicating a significant decrease in risk.
The research further reveals a stark contrast in behaviour between new and veteran employees. On average, new employees (less than six months with the company) are more than twice as likely to click on phishing emails compared to their veteran counterparts, demonstrating increased susceptibility to cyberthreats.