New Study: Over One Quarter of Employees Haven’t Received Cybersecurity Training
August 18, 2025
Over one quarter (26%) of employees in the US have never received cybersecurity training from their employer, including receiving guidance on hacking attempts and phishing scams.
That’s according to a new report by RS, which surveyed 1,000 US-employed individuals across the nation.
While technology is increasingly relied on across multiple industries to improve, automate and streamline operations, a lack of employee training poses a huge security threat to US businesses. In fact, a recent report projected the cost of cybercrime to total $10.5trillion* globally this year, with a large portion impacting US businesses.
The RS study examines survey responses from 1,000 workers across various industries, aiming to uncover the state of cybersecurity among multiple industries in the US, including the most common cybersecurity risks committed.
The research found employees commonly committed the following:
- Used the same password for multiple platforms (46%)
- Stored passwords on a work laptop, phone, or writing pad (31%)
- Left desk without locking/logging out of/shutting down computer (28%)
- Chosen to avoid using two-factor authentication for logins (26%)
- Failed to update software on time (25%)
- Used a password with name or birthday in it (24%)
- Worked from an unprotected Wi-Fi source (e.g. open Wi-Fi that is not password protected) (20%)
- Clicked on a link from an unverified source (20%)
- Opened a document from an unverified source (18%)
- Sent confidential data or files to the wrong recipient (9%)
The data also found that almost one third (72%) of employees are likely to use their personal devices for work purposes – this is particularly true for those aged 16-24, who are much more likely (78%) to use their personal devices for work, compared to 55+ year olds (60%).
The cybersecurity threat continues even when working from home, as over half (62%) Americans don’t use a firewall when working from home and less than a third (32%) join a work VPN.
Jared Parker, Security Compliance Manager at RS, commented: “Surveys of this nature play a vital role in evaluating the effectiveness of cybersecurity training programs currently implemented across organizations.
“As work from home and Bring Your Own Device (BYOD) policies become increasingly prevalent, the threat landscape continues to evolve, making it imperative for companies to equip employees with up-to-date knowledge on emerging security threats and tactics employed by malicious actors.
“Cybersecurity education can no longer be treated as a one-time annual compliance exercise, as critical information is easily forgotten without regular reinforcement. Instead, organizations should adopt a continuous learning approach by delivering concise, easily digestible training nuggets throughout the year.
“These micro-learning modules should focus on helping employees recognize and respond to the latest emerging threats, especially as adversaries leverage advancing technologies like artificial intelligence to refine their attack methods and techniques.”
https://us.rs-online.com/newsroom/2508-cybersecurity-traning
