Behavior change training shows promise in curbing human cyber risk

SecurityWeek reports that critical infrastructure organizations that implemented behavior changing cybersecurity training had a 65.6% threat detection rate and a 31% increase in success rate, compared with a 60% detection rate and 7% success rate improvement observed with the use of traditional security training programs. Behavior changing training, which involves short and positive AI-controlled cybersecurity nudges aimed at facilitating a personalized learning process for users, was also associated with a 65% decline in failure rates, compared with a 13.2% global average reduction rate although such training's failure rate for spoofed internal organizational communications was 11.4% higher than average, according to a Hoxhunt report. "Behavior-based engagement with phishing emails is better than traditional security courses as it better prepares you to recognize an attack. It becomes second nature to report it, especially when it is AI-generated adaptive learning," said Zimperium Vice President of Product Strategy Krishna Vishnubhotla.