Realistic simulations are transforming cybersecurity training

To achieve a diverse and well-trained cybersecurity workforce, organizations recognize the value of a quality training program supported by the pursuit of cybersecurity certifications, according to Security Innovation and Ponemon Institute.

The report revealed a growing embrace of realistic simulations in training programs, with respondents ranking this feature as highly effective and delivering the greatest ROI compared with other cybersecurity training program components.

Positive shifts in cybersecurity training programs

The report found positive shifts in training programs since 2020.

• 24% increase in realistic simulations: 60% of companies now include realistic simulations as part of their cybersecurity training programs compared to 36% in 2020. ROI for cybersecurity programs incorporating realistic simulation grew from an average of 30% in 2020 to 40% in 2023.
• Relevant content and broad adoption: 53% of companies include training as part of the onboarding process, with 55% of programs incorporating content tailored to a learner’s specific job role, an increase of 12% over 2020. The broad adoption of cybersecurity training practices was shown to substantially improve a company’s Security Effectiveness Score (SES) and strengthen its overall security posture.
• Training moves to the cloud: Driven by a remote workforce, in-person and classroom training venues declined by 50% as programs move to cloud-based platforms.
• Accountability: Many companies have implemented accountability measures by making training requirements mandatory – 45% of companies do not allow learners to waive cybersecurity training requirements compared with only 20% in 2020 – while 53% now report results to C-level executives in their organization, up from 31% in 2020.

“Companies are investing considerable amounts to address the growing cybersecurity skills gap. As a result, we are seeing broader adoption of training best practices and increased scrutiny around program results, although there is still a long way to go. Realistic simulations and role-based learning are key to program effectiveness and ROI,” said Dr. Larry Ponemon, founder of the Ponemon Institute.

“The findings in the Ponemon Report reflect what we’ve experienced with our clients over the last decade, namely the need for engaging training methods that teams actually want and managers can measure,” said Ed Adams, CEO of Security Innovation. “Our complete coverage for all those that build, operate, and defend software combined with the industry’s only software-focused cyber range are unrivaled in accelerating job-specific security skills development.”

Cybersecurity training budgets rise steadily

Cybersecurity training budgets have steadily increased despite the decline in in-person training. On average, organizations spend $3.5 million annually on cybersecurity programs, a 20% increase over 2020 while large enterprises can spend up to $6 million annually.

Ponemon collected seventeen benchmarks from study participants and grouped the benchmarks into three categories: content, measurement and governance and delivery. Of these, the following factors were ranked as having the greatest impact on training program effectiveness and program ROI:

• Training includes realistic simulations
• Content is tailored to a learner’s job role
• Methods are available to measure training program effectiveness
• Results are reported to C-level executives
• Broad adoption