Table of Contents
In response to the ongoing rise in cyber attacks, many organizations will focus their cybersecurity investment on tools and technologies. But the weakest link in the security chain often comes down to people: according to Verizon’s “2024 Data Breach Investigations Report,” excluding malicious privilege misuse (abuse of access privileges by insiders), the human element was a factor in 68 percent of breaches examined.
No matter how well-intentioned, employees can inadvertently expose an organization to cyber risk through their actions and lack of awareness.
Cyber threat levels can also spike during election seasons, as increased political activity and public interest create more opportunities for phishing and social engineering attacks, among others.
Why Cybersecurity Awareness Training Is Crucial Right Now
Data Breach Costs Are Spiking
In its “Cost of Data Breach Report 2024,” IBM notes the average cost of a data breach globally has reached an all-time high of $4.88 million, up from $4.45 million in 2023. Notably, business disruption and post-breach customer support and remediation drove the 10% cost jump一the largest increase since the coronavirus pandemic.
Election Season Means More Cyber Threats
Cyber attacks, often as stolen or leaked information and disrupted operations, increase during an election season. Ongoing attempts to thwart election security and voter turnout commonly occur through disinformation on social media, including AI-generated images, video, and audio, widely known as deep fakes.
Businesses outside of election operations can also face similar challenges, including the following:
- Increased phishing and social engineering attacks. These can involve fake election-related emails or websites designed to entice individuals into revealing personal information or credentials.
- Disinformation campaigns. Businesses can be targeted by the intentional spread of false information designed to damage their reputations or operations.
- State-sponsored cyber activities. These may not directly target businesses but can create collateral damage that impacts business operations. Organizations in critical infrastructure sectors, such as finance, energy, and healthcare, may be particularly at risk.
Widely Adopted Generative AI Can Add to Cyber Risks
Today’s explosive adoption of generative artificial intelligence (AI) has been transformative for industries worldwide but has also brought additional cybersecurity risks to the fore一beyond the scope of an election season described above. These include plagiarism, misinformation, copyright infringement, leaked data, and account compromise.
In fact, between January and October 2023 alone, over 225,000 account credentials for OpenAI’s ChatGPT were exposed and made available for sale on the dark web.
As Threats Increase, Cybersecurity Teams Remain Understaffed
Current data also suggests that businesses are struggling with a chronic understaffing of cybersecurity teams. IBM notes that half of the breached survey respondents had severe security staffing shortages, a skills gap that increased by a whopping 26.2% from the previous year.
Security Awareness Training & Education Can Make a Difference
Security awareness training and education can help mitigate cyber threats in several ways, including identifying potential dangers, safeguarding sensitive data, practicing safe online behavior, meeting compliance requirements, and building a security-conscious organizational culture.
Importantly, boosting awareness can be one of the most effective tactics in dampening the cost of data breaches. IBM cites employee cybersecurity awareness training as the most effective data breach cost mitigator. Organizations that implemented employee training had an average cost of $258,629 less than the 2024 mean cost of $4.88 million discussed above. In effect, a quality training program can go a long way toward paying for itself.
Undergoing security awareness training and education can also help meet regulatory requirements for minimum standards for cybersecurity practices.