KnowBe4 2018 Security Awareness Training Deployment and Trends Survey
Demographic Questions
1.
Which best describes your vertical industry?
Academic (College/University)
Accounting
Advertising
Aerospace
Agriculture/Forestry
Automotive
Biopharma and Biosciences
Business Services/Consulting
Communications/Telecom
Computer hardware/software/technology manufacturer
Construction
Consulting
Education (K through 12)
Energy
Engineering
Financial services/banking, legal, real estate
Gaming
Government (federal)
Government (state and local)
Healthcare
Hotel & Hospitality
Insurance
IT/Technology Services Provider
Law Enforcement
Legal
Manufacturing
Marketing
Media and Entertainment
News Organization
Non Profit
Oil/Gas/Mining
Pharmaceutical
Retail
Sales
Security
Software
Sports
Surveillance
Telecommunications
Transportation
Travel
Utilities
Weather
Other (please specify)
2.
How many servers are in your organization?
1 to 10
11 to 20
21 to 30
31 to 50
51 to 100
101 to 250
251 to 500
501 to 1,000
1,001 to 5,000
More than 5,000
3.
What is your title/job function?
Application Manager
Architect
CEO
CIO
CISO
COO
CTO
Database Administrator
Engineer (Systems or Network)
Independent Consultant/Systems Integrator
IT Manager
IT Staff
Network Administrator
Network Manager
Plant Facilities Manager
Security Administrator/Manager
Server Hardware Administrator
Software Developer
Storage Administrator
Telecom Engineer
Telecom Manager
VP of IT
VP of Security
Other (please specify)
4.
What is your organization’s TOTAL average annual expenditure on security including hardware, software, services and training?
$20+ million
$10-$19.9 million
$5-$9.9 million
$1-$4.9 million
$500,000-$999,999
$250,000-$499,999
$101,000-$249,000
$51,000-$100,000
$25,000-$50,000
<$25,000
We do not have a separate security budget
5.
Have hackers or malware been able to get on your network or computers in the last year, if even only for a short while, before detection and removal?
Yes
No
If NO, PLEASE SKIP to Question 8
6.
If Yes, what root exploit causes were involved in successful attacks or compromises within the last year?
Zero Days
Social Engineering
Unpatched Software
Malware
Password Attacks/Issues
Data Leaks
Eavesdropping/MitM
Misconfiguration
Denial of Service
Insider/Partner/Consultant/Vendor/3rd Party Issues
User Error
Physical Attacks
A combination of Social Engineering, Malware, User Error and Password Issues/Attacks
Other (Please Specify)
7.
If your networks or computers were compromised by Social Engineering, please specify the root cause(s)
Email
Browser-only
Phone
SMS
All of the above
Unsure
Other (please specify)
8.
Do you have a security awareness training program?
Yes
No
Not at this time, but we plan to implement one within the next six to 12 months
We are considering it, but have not made a decision
9.
If your firm does not currently have a Security Awareness Training program and has no specific plans to adopt one, what is/are the reason(s)?
Upper management does not consider it necessary
We think it costs too much
We are unsure of the benefits
We think our current security safeguards, policies and procedures are adequate
We are an SMB and lack the time and resources to implement security awareness training
Other computer and network issues take priority
A combination of all of the above issues
Other (please specify)
10.
If your firm has a Security Awareness Training program, what does it include? Select All that Apply
Videos
Human trainers
Seminars/Webinars with outside third parties
Newsletters
Email
All of the above
Other (please specify)
11.
If your firm has a security awareness training program, how often is security awareness training conducted (e.g. ad hoc, weekly, monthly, quarterly, semi-annually, annually, longer)?
Ad hoc
Weekly
Monthly
Quarterly
Every six months
Annually/once a year
As needed/No set schedule
Only in the wake of a successful attack
Unsure
12.
If your firm conducts security awareness training, does it include simulated phishing attacks?
Yes
No
Not currently, but we plan to do so
13.
If your firm does conduct simulated phishing attacks, how often does it do so?
Ad hoc
Weekly
Monthly
Quarterly
Every six months
Annually
As needed
Only in the wake of a successful phishing attack
Unsure
Other (Please Specify)
14.
If your firm conducts simulated phishing attacks, do you randomize the simulated phishing topics?
Yes
No
Not yet but we plan to do so
15.
If your firm conducts simulated phishing attacks, does it focus on specific groups with specific types of phishing (e.g. CEO fraud)?
Yes
No
Not currently, but we plan to do so
16.
Is your security awareness training automated? For example, will employees that fail a simulated phishing test be automatically sent a security awareness training component?
Yes
No
Not currently, but we plan to do so
17.
How much time do the administrator(s) devote to managing security awareness training programs each year?
1 to 2 hours
2 to 4 hours
One week
Two weeks
No specific amount of time
Ad hoc
As needed
Other (Please Specify)
18.
How many minutes of security awareness training is required each year for employees?
15 to 30 minutes
31 to 60 minutes
1 to 2 hours
2 to 4 hours
>4 hours
No specific time allotted
We schedule security awareness training as needed
19.
Has security awareness training helped your firm to identify and thwart hacks in the last six to 12 months?
Yes
No
We have not experienced any successful or attempted hacks in the last six months
Unsure
20.
Do you feel that security awareness training has helped decrease your firm's overall computer security risk?
Yes
No
It’s too soon to tell
21.
Do you feel that security awareness training has changed your company’s computer security culture for the better?
Yes
No
Other (please specify)
22.
ESSAY Question: Please provide us with your comments, insights and observations on your organization’s experiences with security awareness training. For example, how has it benefitted the Security and IT Administrators, the employees and has it been a valuable tool in making your firm more secure? Please leave your Email address so we may contact you if you win the $100 Amazon Gift Certificate.