Shocking Reality of New Hire Security Training: 60% Only 'Vaguely Understand' Content, 20% Hide Mistakes via 'Self-Resolution'
NSS Smart Consulting conducted a survey of 1,025 office workers, revealing that nearly 60% of new employees only partially grasp information security training due to difficult terminology. Furthermore, 20% tend to handle security mistakes privately, highlighting a significant hidden risk for organizations facing sophisticated cyber threats like CEO fraud.
Published: March 31, 2026 at 19:00
NSS Smart Consulting Co., Ltd. (based in Shinjuku, Tokyo; CEO: Eisuke Ando) conducted a survey on the 'Penetration Level of Information Security Education and Employee Awareness in Companies' among office workers who use PCs and IT systems for work.
Every spring, many companies start training programs for new employees. In today's rapidly digitizing business world, 'Information Security Education' is one of the most critical programs to protect an organization. Recently, cyber threats have become increasingly sophisticated, such as the large-scale attacks on major corporations reported in 2025 and the surge in CEO fraud (Business Email Compromise impersonating executives). To defend against these threats, improving the literacy of each employee is essential, alongside technical system measures.
However, a common organizational challenge is how to practice and sustain the knowledge learned in training amidst busy daily operations and complex security requirements. In response, NSS Smart Consulting, which operates 'ISO Pro'—a support site for ISO acquisition and operation—conducted this survey.
Survey Overview:
- Period: March 18, 2026 – March 19, 2026
- Method: Internet survey via PRIZMA
- Participants: 1,025 office workers using PCs/IT systems
- Source: NSS Smart Consulting (ISO Pro)
- Monitor Provider: SACRISA
Key Findings:
While approximately 40% of respondents receive regular information security training, nearly 60% ended up 'only vaguely understanding the content' because the technical terms were too difficult. This gap between training and actual comprehension poses a severe vulnerability. The survey also revealed that 20% of employees have attempted to 'self-resolve' security errors without reporting them, creating a dangerous blind spot for management. These 'hidden risks' can lead to secondary damage when sophisticated attacks occur.