

Why cybersecurity training isn’t enough to stop phishing hacks
Oct 9, 2025
A recent study found that cybersecurity training reduced successful phishing attacks by only 2%. Employees often rush through these programs, spending less than ten seconds on training. Engaging, interactive training might be more effective than static lessons. Phishing remains a top attack vector because it is simple to carry out and highly rewarding for attackers. Experts suggest strengthening security with multi-layered defenses such as two-factor authentication and AI detection instead of relying solely on user training.
AI Snips
Training Often Fails To Change Behavior
- A UC San Diego Health study found training reduced successful phishing by only about 2%.
- Many workers simply don't spend time engaging with required training materials.
Most People Rush Through Training
- Many employees spent between zero and ten seconds on assigned cybersecurity training.
- Short attention spans during training explain why mandated courses rarely improve phishing resilience.
Prefer Interactive Over Static Modules
- Use interactive training rather than static one-pagers to improve comprehension.
- But measure genuine engagement, not just time spent, to confirm learning.