Kathy Gibson is with Kaspersky Lab in Cape Town –  When it comes to cybersecurity, there is no such thing as 100% protection – without awareness and education breaches will continue to happen.

Elena Molchanova, head of security awareness marketing at Kaspersky Lab, says research shows that 52% of organisations regard employees as the biggest threat to corporate cybersecurity.

A massive 60% of employees store confidential data on their corporate devices.

More worryingly, 30% of employees confess to having shared their work PC logins with colleagues.

“Human error costs companies a lot,” says Molchanova. “This is despite traditional security awareness programmes.”

A single attack caused by human error costs enterprises more than $1-million. This figure is $98 000 for small and medium businesses.

“The only way to change this situation is to change something in the human brain,” Molchanova says.

The market for security awareness training will be $10-billion a year by 2027. But 80% of IT directors are not satisfied with the effectiveness of existing security awareness training.

They believe it is simply not efficient, Molchanova says. The problem is that managers are not involved in formulating cybersecurity culture.

Additionally, it is all about what users are not allowed to be, rather than about how to achieve outcomes. Because users see rules as limitation, they try to bypass them.

Most significantly, there is no motivation to learn from the employees’ side.

For managers, security awareness training is seen to take too long to administer – and it’s difficult to convince employees to learn.