Sometimes I wonder whether all this “security awareness training” has any effect at all.

  • nymnympseudonym@piefed.social
    2 days ago

    You say that but do you have any objective data?

    I’d love to see studies of phishing success in orgs that do vs. do not have regular trainings.

    I bet it works like PSA advertising. It’s stuff everyone should know and 98% of people already do. But it also helps keep the issues closer to conscious awareness and is actually educational for the 2%.

    • cron@feddit.orgOP
      2 days ago

      There is a 2025 study that was widely reported:

      In summary, our results confirm the ineffectiveness of current phishing training approaches while offering a refined study design for future work.

      arXiv:2506.19899

      • nymnympseudonym@piefed.social
        2 days ago

        training interventions showed no significant main effects on click rates (p=0.450) or reporting rates (p=0.417), with negligible effect sizes

        Thank you. I stand corrected, and with my Bayesian priors updated.