Cybersecurity has moved beyond a technical hardware problem. A new global study of 1,850 senior IT leaders reveals that the human element is now the primary theater of war for corporate defense. The Fortinet 2025 Security Awareness and Training Global Research Report highlights a stark reality: while training works, it is currently suffering from a massive completion crisis.
Training delivers quantifiable results
Data shows that security awareness training is no longer just a compliance checkbox. 67% of organisations reported a moderate or significant reduction in successful attacks after deploying employee training.
Companies are moving away from gut feelings and are now using concrete metrics to track their progress:
- 53% measure success by the drop in actual security incidents.
- 52% rely on direct employee feedback.
- 50% use formal security audits to verify readiness.
Despite these gains, a massive gap exists in follow-through. Only 6% of organisations report that 100% of their staff finished the assigned training. On average, 93% of employees fail to see their training through to the end, leaving organizations exposed to avoidable risks.
The AI double-edged sword
Generative AI has shifted employee perspectives on cyber risk. 88% of organizations state that the use of AI by malicious actors has forced staff to take security more seriously. However, leaders remain skeptical of their own teams’ abilities. Only 40% believe their employees can currently identify or report an AI-based threat.
To combat this, 53% of companies now provide specific instructions on how to use AI tools properly. Another 96% are in the process of drafting formal policies to govern how AI applications handle sensitive company data.
Rising internal threats
While external hackers remain the primary concern for 41% of companies, the fear of “insider risk” is growing at an unprecedented rate. Concerns over employees accidentally or intentionally compromising data rose from 4% in 2024 to 27% in 2025.
This shift explains why the most critical training topics for 2026 are:
- Data Security (51%).
- Data Privacy (43%).
- AI-Based Threats (41%).
Regional and sector disparities
In India and the broader APAC region, organizations are leading the charge in AI-specific training, with 59% already teaching users how to manage AI tools safely. However, APAC also faces the highest hurdle in adoption: 40% of leaders cite a lack of available personnel to run these programs.
Sector-specific data suggests that critical infrastructure is lagging. 76% of leaders in Power and Energy and 75% in Healthcare admit their employees still lack basic security awareness.
Moving toward a culture of accountability
The report suggests that the most successful organizations treat security as a “shared responsibility” rather than just an IT task. 95% of leaders now support applying stricter policies to employees who repeatedly show high-risk behavior.
To bridge the awareness gap, experts recommend “training in sprints”, using 5- to 15-minute interactive modules instead of long, annual sessions. Shorter, more frequent lessons help reinforce principles without overwhelming the workforce.