2025年全球信息安全意识与培训研究报告

Contents 3Methodology4ExecutiveSummary5TrainingWorks;ButtheWorkIsNeverDone7AIIsReinforcingtheValueofSecurityAwarenessandTraining13ExternalThreatsAreDrivingAdoption,ButInternalRisks Methodology The findings in this report are based on responsesobtained through online interviews with 1,850 seniorIT security decision-makers. The interviews were Size of Company Role Type 100-499 employees21%500-999 employees20%1,000-2,499 employees22%2,500-4,999 employees19% 9%held Owner positions30%held C-Level Executive positions6%held Vice President positions14%held Head of Department positions17%held Director positions •Argentina•Australia•Brazil•Canada•Colombia•France•Germany•Hong Kong•India•Indonesia•Israel •Mexico•Netherlands•New Zealand•Philippines•Singapore•South Africa•South Korea•Spain•Sweden•Taiwan Top Three Business Sectors:Manufacturing15%Financial Services13%Professional Services and Technology12% Gender63%of respondents were male37%of respondents were female Total respondents: 1,850Asia-Pacific30%Europe, Middle East, and Africa27%Latin America22%North America22% Overall results are accurate to± 2.3% at a 95% confidence limit. Executive Summary AI-based threats have led employees to see the value of cybersecurity awareness and training in a new light.Organizations report real, measurable results from training efforts, though most feel that even more training is needed AI is reinforcing the valueof security awareness External threats are Organizations are seeingreal results from security •41%of respondents say theyhave adopted security awarenessand training to defend against •67%of organizations reportmoderate or significantreductions in intrusions, •88%of organizations say AIuse by bad actors has helpedemployees see why awareness •95%of decision-makers believethat more security awareness •69%of leaders feel employeesstill lack security awareness. •53%of organizations trainemployees on the appropriateuse of generative AI (GenAI) tools •51%see data security as themost important awareness andtraining topic, followed by data •53%measure trainingeffectiveness in terms of reducedsecurity incidents. Other top •26%say employees who seesecurity as important don’t always •96%of respondents say they arein the process of researching andimplementing a security policy for •34%say personnel limitationswere the main reason they •88%of organizations providetailored training to different INTRODUCTION Training Works; But the Work Is Never Done In 2025, we broadened the scope of ourSecurity Awareness andTrainingsurvey, asking new questions and diving deeper into areassuch as preferred training modalities, how organizations are measuring The2025 Security Awareness and Training Global Research Reportreinforces two key findings from thepast couple of years: that organizations see knowledgeand skills as crucial to cyber defense, and that trainingmust adapt continually as threats and risks evolve, We also added a new section to the report—first introduced in our2025 Cybersecurity Skills Gap Global Research Report—Taking Action.In this section, we share the perspectives of Fortinet experts as they Our 2025 findings show that organizations continue to see securityawareness and training as important and that external threats are As they have in previous years, leaders remain committed to securityawareness and training, recognizing the need and building it intocorporate priorities. Yet many continue to feel that their workforcesare unprepared to fend off cyberthreats, despite concerted efforts Fewer than half (40%)ofrespondentssay employeesare highly trained and readyto identify, avoid, and report AI Is Reinforcing the Value of Security Awareness As organizations continue to adopt AI tools—and asthreat actors increasingly use AI for malicious purposes—employees and leaders recognize the dual need for greater security awareness training. Yet despite being highly aware of the risingthreat of AI, leaders aren’t especially confident that their employees are Just 40% of survey respondents consider their employees to be highlytrained and ready to identify, avoid, and report AI-based cyberthreats inthe next 12 months. Fifty-eight percent (58%) describe their employees The overwhelming majority (88%) of respondents to our 2025 surveysay that the growing use of AI by bad actors has either somewhat or A silver lining is that only a very small portion of leaders (2%) believetheir employees are not at all ready to face AI-driven threats. The AI Alarm Bell Most respondents say knowledge of AI threats has either significantly or somewhat increased employee perceptions DIGGING DEEPER Organizations are acting to safeguard against AI risks AItrainingadoptionisfairlyconsistentacross AIuseneedstobemanaged AItoolsneedtobesecured Organizations are taking concrete steps tomanage employee AI use, including: The majority are also taking steps to manageAI tool security: AI training adoption is broadly similar ac