> **来源:[研报客](https://pc.yanbaoke.cn)** # 2025 Security Awareness and Training Global Research Report Summary ## Core Content This report highlights the evolving landscape of security awareness and training in 2025, emphasizing the growing importance of these initiatives in response to both external and internal cyber threats, particularly in the context of AI. It outlines the current state of adoption, effectiveness, and challenges faced by organizations globally. ## Main Findings ### 1. **Training Works; But the Work Is Never Done** - Organizations recognize the value of security awareness and training as a critical component of cyber defense. - Despite efforts, many still feel their workforces are unprepared to handle evolving cyber threats. - The need for continuous adaptation of training content and delivery methods is evident. - Regular training sessions are common, with 94% of organizations holding them on a regular basis. ### 2. **AI Is Reinforcing the Value of Security Awareness and Training** - AI-based threats have significantly increased employee awareness of the importance of security training (88%). - 53% of organizations train employees on the proper use of generative AI (GenAI) tools and monitor/block sensitive information sharing. - 96% of respondents are researching or implementing security policies for AI apps and other tools. - Only 40% of organizations believe their employees are highly trained and ready to handle AI-based threats. ### 3. **External Threats Are Driving Adoption, But Internal Risks Are a Growing Concern** - External threats remain the main driver for adoption (41%), though this is down from 52% in 2024. - Internal risks, such as insider threats, are becoming more significant (27%). - The top reasons for not adopting security awareness earlier include personnel limitations (34%), budget constraints (19%), and other security priorities (18%). ### 4. **Organizations Are Seeing Real Results From Security Awareness and Training** - 67% of organizations report moderate or significant reductions in intrusions, incidents, and breaches. - The most common measure of training effectiveness is reduced security incidents (53%), followed by employee feedback (52%) and security audits (50%). - 88% of organizations provide tailored training to different employee groups. ### 5. **Despite Making Gains, More Training Is Needed** - 95% of decision-makers believe more security awareness would help reduce cyberattacks. - 69% of leaders feel employees still lack security awareness. - 26% say employees who recognize the importance of security don't always act accordingly. ## Key Information ### **Training Adoption by Company Size** - 100-499 employees: 21% - 500-999 employees: 20% - 1,000-2,499 employees: 22% - 2,500-4,999 employees: 19% - 5,000+ employees: 19% ### **Role Type Distribution** - C-Level Executives: 30% - Managers: 24% - Directors: 17% - Heads of Department: 14% - Vice Presidents: 6% - Owners: 9% ### **Gender Distribution** - 63% male - 37% female ### **Top Business Sectors** - Manufacturing: 15% - Financial Services: 13% - Professional Services and Technology: 12% ### **Regional Distribution** - Asia-Pacific: 30% - Europe, Middle East, and Africa: 27% - Latin America: 22% - North America: 22% ### **Training Effectiveness Measures** - Reduced security incidents: 53% - Employee feedback: 52% - Security audits: 50% - Training participation: 47% - Knowledge assessments/quizzes: 46% - Training completion rates: 42% - Phishing simulation results: 40% - Behavioral change: 38% - Surveys: 35% ### **Training Modalities** - In-person training: 53% - Computer-based training: 52% - Simulated phishing attacks: 45% - Smishing simulations: 37% - Internal chat (e.g., Teams, Slack): 36% - Screen monitors: 33% - "Nudge" communications: 32% - Newsletters: 30% - Simulated QR codes: 29% - Onsite posters: 26% - Awards: 26% - Simulated USB: 23% - Contests: 21% ### **AI-Driven Security Awareness by Region** - Asia-Pacific: 51% - Europe, Middle East, and Africa: 37% - Latin America: 49% - North America: 53% ### **Confidence in Employee Readiness for AI Threats by Region** - Asia-Pacific: 88% - Europe, Middle East, and Africa: 83% - Latin America: 83% - North America: 91% ### **Employee Training on AI Tools by Region** - Asia-Pacific: 59% - North America: 51% - Europe, Middle East, and Africa: 50% - Latin America: 49% ### **Training Completion Rates** - 100% completion: 6% - >70% completion: 56% - Training completion rates: 42% of organizations use as a measure of effectiveness. ## Conclusion Security awareness and training continue to be a vital component of organizational cybersecurity strategies, with AI playing a pivotal role in increasing its perceived value. While many organizations are seeing positive results from training programs, there remains a gap between awareness and action, with internal risks and training completion rates being key areas for improvement. The report underscores the need for ongoing, tailored, and engaging training that aligns with evolving threats and supports a culture of security awareness across all levels of the organization.